Windows Analysis Report
Portal.msi

Overview

General Information

Sample name: Portal.msi
Analysis ID: 1527957
MD5: 9b7151e351cfbfbf8276b9a2cd8dccc2
SHA1: c5f1808e63a6ba22f602bab3225d8821372b8e79
SHA256: 60b686750a697e5b2a1580e7b2932c269bf7e2231869769c2ad49546f2f8577c
Tags: msi, MuddyWater, RustyStealer, TA450, user-smica83
Infos:

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected suspicious sample
Bypasses PowerShell execution policy
Loading BitLocker PowerShell Module
Queries the IP of a very long domain name
Reads the Security eventlog
Reads the System eventlog
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • msiexec.exe (PID: 2676 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Portal.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 6472 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 6000 cmdline: C:\Windows\System32\MsiExec.exe -Embedding 6CC2AEC21F9691D9400C52C3CC91B334 MD5: E5DA170027542E25EDE42FC54C929077)
      • rundll32.exe (PID: 2796 cmdline: rundll32.exe "C:\Windows\Installer\MSI146E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6952171 2 WixSharp!WixSharp.ManagedProjectActions.WixSharp_InitRuntime_Action MD5: EF3179D498793BF4234F708D3BE28633)
      • rundll32.exe (PID: 6156 cmdline: rundll32.exe "C:\Windows\Installer\MSI1F6E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6954890 16 WixSharp!WixSharp.ManagedProjectActions.WixSharp_BeforeInstall_Action MD5: EF3179D498793BF4234F708D3BE28633)
    • msiexec.exe (PID: 1084 cmdline: C:\Windows\System32\MsiExec.exe -Embedding F809AF2B04EF2DCECEB62F05202EAA97 E Global\MSI0000 MD5: E5DA170027542E25EDE42FC54C929077)
      • rundll32.exe (PID: 1412 cmdline: rundll32.exe "C:\Windows\Installer\MSI2676.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6956718 38 pdqconnectagent-setup!pdqconnectagent_setup.CustomActions.CreateEventSource MD5: EF3179D498793BF4234F708D3BE28633)
      • rundll32.exe (PID: 2796 cmdline: rundll32.exe "C:\Windows\Installer\MSI2C05.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6958093 44 pdqconnectagent-setup!pdqconnectagent_setup.CustomActions.WriteToken MD5: EF3179D498793BF4234F708D3BE28633)
      • rundll32.exe (PID: 3332 cmdline: rundll32.exe "C:\Windows\Installer\MSI328E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6959781 50 pdqconnectagent-setup!pdqconnectagent_setup.CustomActions.StartService MD5: EF3179D498793BF4234F708D3BE28633)
        • sc.exe (PID: 2680 cmdline: "C:\Windows\system32\sc.exe" start "PDQConnectAgent" MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
          • conhost.exe (PID: 6392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • pdq-connect-agent.exe (PID: 2820 cmdline: "C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe" --service MD5: 0B92E149D8047B46F69D9E31B0DA5500)
    • powershell.exe (PID: 3288 cmdline: "powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 2076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 5024 cmdline: "powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 5492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 4744 cmdline: "powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 5276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 2460 cmdline: "powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command - MD5: 04029E121A0CFA5991749937DD22A1D9)
      • conhost.exe (PID: 1396 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
Source: Process startedAuthor: frack113: Data: Command: "powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command -, CommandLine: "powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command -, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe" --service, ParentImage: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe, ParentProcessId: 2820, ParentProcessName: pdq-connect-agent.exe, ProcessCommandLine: "powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command -, ProcessId: 3288, ProcessName: powershell.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command -, CommandLine: "powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command -, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe" --service, ParentImage: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe, ParentProcessId: 2820, ParentProcessName: pdq-connect-agent.exe, ProcessCommandLine: "powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command -, ProcessId: 3288, ProcessName: powershell.exe
No Suricata rule has matched

AV Detection

Source: Submitted Sample, Integrated Neural Analysis Model: Matched 94.2% probability
Source: pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_5bea58ed-8
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\PDQ
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\PDQ\PDQConnectAgent
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\PDQ\PDQConnectAgent\LICENSE.html
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F03416B2-8C97-4CC4-8578-5F6A58F3EB84}
Source: unknownHTTPS traffic detected: 104.16.77.47:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 162.159.140.238:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.16.77.47:443 -> 192.168.2.5:49979 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.16.77.47:443 -> 192.168.2.5:49980 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.16.77.47:443 -> 192.168.2.5:49981 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.16.77.47:443 -> 192.168.2.5:49982 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.128.163.126:443 -> 192.168.2.5:49983 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.16.77.47:443 -> 192.168.2.5:49984 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.128.163.126:443 -> 192.168.2.5:49985 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.16.77.47:443 -> 192.168.2.5:49986 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.128.163.126:443 -> 192.168.2.5:49987 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.16.77.47:443 -> 192.168.2.5:49988 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.128.163.126:443 -> 192.168.2.5:49989 version: TLS 1.2
Source: Binary string: D:\dev\wixsharp-wix4\Source\src\WixSharp\obj\Release\WixSharp.pdbt~ source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.dr
Source: Binary string: \??\C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\pdqconnectagent-setup.pdbm source: rundll32.exe, 00000007.00000002.2111161917.000001F0B0268000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\pdqconnectagent-setup.pdbll source: rundll32.exe, 00000009.00000002.2145984383.000001B2FB360000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdqconnectupdater-setup.pdb source: PDQConnectUpdater-0.3.0.msi.12.dr
Source: Binary string: WixToolset.Dtf.WindowsInstaller.pdbSHA256 source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixToolset.Dtf.WindowsInstaller.dll.4.dr
Source: Binary string: D:\dev\wixsharp-wix4\Source\src\WixSharp\obj\Release\WixSharp.pdb source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.dr
Source: Binary string: D:\a\wix\wix\build\dtf\Release\x64\SfxCA.pdb source: Portal.msi, PDQConnectUpdater-0.3.0.msi.12.dr, MSI1F2D.tmp.1.dr, MSI328E.tmp.1.dr
Source: Binary string: pdqconnectagent-setup.pdb source: Portal.msi, MSI1F2D.tmp.1.dr, MSI328E.tmp.1.dr
Source: Binary string: D:\a\wix4\wix4\build\api\Release\v143\x86\mbanative.pdb source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.dr
Source: Binary string: \??\C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\pdqconnectagent-setup.pdblH source: rundll32.exe, 00000008.00000002.2125319285.0000024569AC0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\wix\wix\build\Util.wixext\Release\x64\utilca.pdb source: Portal.msi, PDQConnectUpdater-0.3.0.msi.12.dr, MSI1F2D.tmp.1.dr
Source: Binary string: D:\a\rover\rover\wix\pdqconnectagent-setup\obj\Release\pdqconnectagent-setup.pdb source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, pdqconnectagent-setup.exe.7.dr
Source: Binary string: cscs.exe.pdb!Build_CA_DLL.cmd source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.dr
Source: Binary string: Yqw pdqconnectupdater-setup.pdbh source: PDQConnectUpdater-0.3.0.msi.12.dr
Source: Binary string: WixToolset.Dtf.WindowsInstaller.pdb source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixToolset.Dtf.WindowsInstaller.dll.4.dr
Source: Binary string: PDQCON~1.PDBpdqconnectagent-setup.pdbx source: rundll32.exe, 00000008.00000002.2125319285.0000024569B62000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d1YKt pdqconnectagent-setup.pdbh source: Portal.msi, MSI1F2D.tmp.1.dr, MSI328E.tmp.1.dr
Source: Binary string: pdq_connect_agent.pdb source: pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe.1.dr
Source: Binary string: D:\a\rover\rover\wix\pdqconnectagent-setup\obj\Release\pdqconnectagent-setup.pdb=MWM IM_CorExeMainmscoree.dll source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, pdqconnectagent-setup.exe.7.dr
Source: C:\Windows\System32\msiexec.exe File opened: z:
Source: C:\Windows\System32\msiexec.exe File opened: x:
Source: C:\Windows\System32\msiexec.exe File opened: v:
Source: C:\Windows\System32\msiexec.exe File opened: t:
Source: C:\Windows\System32\msiexec.exe File opened: r:
Source: C:\Windows\System32\msiexec.exe File opened: p:
Source: C:\Windows\System32\msiexec.exe File opened: n:
Source: C:\Windows\System32\msiexec.exe File opened: l:
Source: C:\Windows\System32\msiexec.exe File opened: j:
Source: C:\Windows\System32\msiexec.exe File opened: h:
Source: C:\Windows\System32\msiexec.exe File opened: f:
Source: C:\Windows\System32\msiexec.exe File opened: b:
Source: C:\Windows\System32\msiexec.exe File opened: y:
Source: C:\Windows\System32\msiexec.exe File opened: w:
Source: C:\Windows\System32\msiexec.exe File opened: u:
Source: C:\Windows\System32\msiexec.exe File opened: s:
Source: C:\Windows\System32\msiexec.exe File opened: q:
Source: C:\Windows\System32\msiexec.exe File opened: o:
Source: C:\Windows\System32\msiexec.exe File opened: m:
Source: C:\Windows\System32\msiexec.exe File opened: k:
Source: C:\Windows\System32\msiexec.exe File opened: i:
Source: C:\Windows\System32\msiexec.exe File opened: g:
Source: C:\Windows\System32\msiexec.exe File opened: e:
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a:

Networking

Source: unknownDNS traffic detected: query: pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com
Source: global trafficHTTP traffic detected: GET /v1/devices/release-channels/stable/manifest.json HTTP/1.1x-pdq-key-ids: ask_b357915753b14d77946accept: */*host: app.pdq.com
Source: Joe Sandbox ViewIP Address: 34.128.163.126 34.128.163.126
Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET /connect-agent/PDQConnectUpdater-0.3.0.msi?x-amz-acl=private&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=796077fae8f70edb91a7fc855e7e36ea%2F20241007%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241007T112315Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=f31523c676157dae877ac7e0885208001b440e0d5aa6f5aa61caec4e0e6d395b HTTP/1.1accept: */*user-agent: PDQ rover 5.5.1host: pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com
Source: global trafficDNS traffic detected: DNS query: app.pdq.com
Source: global trafficDNS traffic detected: DNS query: pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com
Source: global trafficDNS traffic detected: DNS query: websocket.app.pdq.com
Source: unknownHTTP traffic detected: POST /v1/devices/register HTTP/1.1content-type: application/x-www-form-urlencodedaccept: */*user-agent: PDQ rover 5.5.1host: app.pdq.comcontent-length: 506
Source: rundll32.exe, 00000004.00000003.2060074603.000001F96F002000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082240245.000001B489421000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2101046515.000001F0B0292000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2115010899.0000024569AF1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132284855.000001B2FB391000.00000004.00000020.00020000.00000000.sdmp, pdq-connect-agent.exe, 0000000C.00000003.2745757092.000001E3414D6000.00000004.00000020.00020000.00000000.sdmp, pdq-connect-agent.exe, 0000000C.00000003.2752781027.000001E3414E1000.00000004.00000020.00020000.00000000.sdmp, Portal.msi, WixSharp.dll.5.dr, PDQConnectUpdater-0.3.0.msi.12.dr, MSI1F2D.tmp.1.dr, pdqconnectagent-setup.exe.7.dr, WixToolset.Dtf.WindowsInstaller.dll.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: rundll32.exe, 00000004.00000003.2060074603.000001F96F002000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082240245.000001B489421000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2101046515.000001F0B0292000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2115010899.0000024569AF1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132284855.000001B2FB391000.00000004.00000020.00020000.00000000.sdmp, Portal.msi, WixSharp.dll.5.dr, PDQConnectUpdater-0.3.0.msi.12.dr, MSI1F2D.tmp.1.dr, WixToolset.Dtf.WindowsInstaller.dll.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
Source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, Portal.msi, PDQConnectUpdater-0.3.0.msi.12.dr, pdqconnectagent-setup.exe.7.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA2562021CA1.crt0
Source: rundll32.exe, 00000004.00000003.2060074603.000001F96F002000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082240245.000001B489421000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2101046515.000001F0B0292000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2115010899.0000024569AF1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132284855.000001B2FB391000.00000004.00000020.00020000.00000000.sdmp, Portal.msi, WixSharp.dll.5.dr, PDQConnectUpdater-0.3.0.msi.12.dr, MSI1F2D.tmp.1.dr, pdqconnectagent-setup.exe.7.dr, WixToolset.Dtf.WindowsInstaller.dll.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: powershell.exe, 00000015.00000002.2572142905.00000219018C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contoso.com/License
Source: pdq-connect-agent.exe.1.drString found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-support
Source: powershell.exe, 00000015.00000002.2572142905.0000021901840000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2572142905.0000021900F8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
Source: pdq-connect-agent.exe.1.drString found in binary or memory: https://github.com/clap-rs/clap/issues
Source: pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe.1.drString found in binary or memory: https://github.com/clap-rs/clap/issues/rustc/eeb90cda1969383f56a2637cbd3037bdf598841c
Source: pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: https://github.com/clap-rs/clap/issues0#
Source: pdq-connect-agent.exe.1.drString found in binary or memory: https://github.com/clap-rs/clap/issues0#n
Source: pdq-connect-agent.exe.1.drString found in binary or memory: https://github.com/clap-rs/clap/issuesC:
Source: pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe.1.drString found in binary or memory: https://github.com/clap-rs/clap/issuesx
Source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.drString found in binary or memory: https://github.com/oleg-shilo/wixsharp/issues/1396#issuecomment-1849731522
Source: powershell.exe, 0000000E.00000002.2321295734.00000236BBBEF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2321295734.00000236BB80A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2361843090.0000024180F8F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2361843090.0000024181370000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2446101439.0000027C4B88A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2446101439.0000027C4BC6D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2446101439.0000027C4BA4B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2572142905.0000021900F8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
Source: powershell.exe, 0000000E.00000002.2321295734.00000236BC14F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2336776852.00000236CA8FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2361843090.00000241818CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2406930107.000002419007D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2531039874.0000027C5A97D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2446101439.0000027C4C1CB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2705252077.000002191007C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2572142905.00000219018C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
Source: pdq-connect-agent.exe, 0000000C.00000002.3294419444.000001E340F0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://o192192.ingest.sentry.io/api/6095569/envelope/
Source: pdq-connect-agent.exe, 0000000C.00000002.3294419444.000001E340F0C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://o192192.ingest.sentry.io/api/6095569/envelope/3
Source: powershell.exe, 0000000E.00000002.2321295734.00000236BBC7E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2361843090.00000241813F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2446101439.0000027C4BDE2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2572142905.0000021900F8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.org
Source: powershell.exe, 0000000E.00000002.2321295734.00000236BBC7E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2361843090.00000241813F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2446101439.0000027C4BDE2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2572142905.0000021900F8A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneget.orgX
Source: pdq-connect-agent.exe, 0000000C.00000003.2152939224.000001E3414E6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com/connect-agent/PDQCon
Source: rundll32.exe, 00000004.00000003.2060074603.000001F96F002000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082240245.000001B489421000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2101046515.000001F0B0292000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2115010899.0000024569AF1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132284855.000001B2FB391000.00000004.00000020.00020000.00000000.sdmp, Portal.msi, WixSharp.dll.5.dr, PDQConnectUpdater-0.3.0.msi.12.dr, MSI1F2D.tmp.1.dr, WixToolset.Dtf.WindowsInstaller.dll.4.drString found in binary or memory: https://wixtoolset.org/

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PDQConnectAgent
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PDQConnectAgent
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PDQ.com
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Windows\System32\rundll32.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6a12c9.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI146E.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{F03416B2-8C97-4CC4-8578-5F6A58F3EB84}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1F2D.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1F3E.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1F6E.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2451.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI24EE.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2676.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2C05.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI328E.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3B87.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3BA8.tmp
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6a12cb.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6a12cb.msi
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{F03416B2-8C97-4CC4-8578-5F6A58F3EB84}
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\{F03416B2-8C97-4CC4-8578-5F6A58F3EB84}\app_icon.ico
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCAFF0EF70119428EDA813B551E8FF8FDE9
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCAFF0EF70119428EDA813B551E8FF8FDE9\WixSharp.dll
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCAFF0EF70119428EDA813B551E8FF8FDE9\CustomAction.config
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCAFF0EF70119428EDA813B551E8FF8FDE9\pdqconnectagent-setup.exe
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCAFF0EF70119428EDA813B551E8FF8FDE9\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCA9B20618A2F4D43A947D4DDC1A40E47B6
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCA9B20618A2F4D43A947D4DDC1A40E47B6\WixSharp.dll
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCA9B20618A2F4D43A947D4DDC1A40E47B6\CustomAction.config
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCA9B20618A2F4D43A947D4DDC1A40E47B6\pdqconnectagent-setup.exe
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCA9B20618A2F4D43A947D4DDC1A40E47B6\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\wix{F03416B2-8C97-4CC4-8578-5F6A58F3EB84}.SchedServiceConfig.rmi
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\pdqconnectagent-setup.exe
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\CustomAction.config
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\pdqconnectagent-setup.pdb
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\WixSharp.dll
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\pdqconnectagent-setup.exe
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\CustomAction.config
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\pdqconnectagent-setup.pdb
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\WixSharp.dll
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\pdqconnectagent-setup.exe
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\CustomAction.config
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\pdqconnectagent-setup.pdb
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\WixSharp.dll
Source: C:\Windows\System32\rundll32.exe File created: C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSI146E.tmp
Source: Joe Sandbox View Dropped File: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe E545C996BBBFE3F969EF417744256A807BCC50983F606702B8A407FA781D199F
Source: C:\Windows\System32\rundll32.exe Process token adjusted: Security
Source: Portal.msi Binary or memory string: OriginalFilenameutilca.dll8 vs Portal.msi
Source: Portal.msi Binary or memory string: OriginalFilenamepdqconnectagent-setup.exeL vs Portal.msi
Source: Portal.msi Binary or memory string: OriginalFilenameSfxCA.dll8 vs Portal.msi
Source: Portal.msi Binary or memory string: OriginalFilenameWixSharp.dll2 vs Portal.msi
Source: pdq-connect-agent.exe.1.dr Binary string: poisonedAfdPollInfo\Device\Afd\Mio
Source: pdq-connect-agent.exe.1.dr Binary string: Failed to open \Device\Afd\Mio:
Source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.drBinary or memory string: publish!wix.tools.csproj
Source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.2145240567.000001B280001000.00000004.00000800.00020000.00000000.sdmp, WixSharp.dll.5.drBinary or memory string: .csproj
Source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.drBinary or memory string: *.csprojwix\.wxi?Error: Cannot find UI project `
Source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.drBinary or memory string: .aot.csproj
Source: classification engine Classification label: mal64.troj.evad.winMSI@31/77@4/3
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\PDQ
Source: C:\Windows\System32\rundll32.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\rundll32.exe.log
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
Source: C:\Windows\System32\rundll32.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5492:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6392:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5276:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:2076:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:1396:120:WilError_03
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF9BE1662B759EAFF5.TMP
Source: C:\Windows\System32\msiexec.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI146E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6952171 2 WixSharp!WixSharp.ManagedProjectActions.WixSharp_InitRuntime_Action
Source: pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe.1.drBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe.1.drBinary or memory string: INSERT OR REPLACE INTO updates (product, version, last_try) VALUES (?, ?, CURRENT_TIMESTAMP);src\events\events_queue.rsSuccessfully read events from DB
Source: pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe.1.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe.1.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe.1.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe.1.drBinary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe.1.drBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe.1.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: pdq-connect-agent.exe, 0000000C.00000002.3294770461.000001E3414B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT value FROM settings WHERE key = ?;
Source: pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe.1.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe.1.drBinary or memory string: SELECT step FROM WHERE id = ?;
Source: Portal.msi Static file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Portal.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 6CC2AEC21F9691D9400C52C3CC91B334
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI146E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6952171 2 WixSharp!WixSharp.ManagedProjectActions.WixSharp_InitRuntime_Action
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI1F6E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6954890 16 WixSharp!WixSharp.ManagedProjectActions.WixSharp_BeforeInstall_Action
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding F809AF2B04EF2DCECEB62F05202EAA97 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI2676.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6956718 38 pdqconnectagent-setup!pdqconnectagent_setup.CustomActions.CreateEventSource
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI328E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6959781 50 pdqconnectagent-setup!pdqconnectagent_setup.CustomActions.StartService
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\sc.exe "C:\Windows\system32\sc.exe" start "PDQConnectAgent"
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe "C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe" --service
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command -
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI2C05.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6958093 44 pdqconnectagent-setup!pdqconnectagent_setup.CustomActions.WriteToken
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msihnd.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: activeds.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: adsldpc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: activeds.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: adsldpc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: activeds.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: adsldpc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: activeds.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: adsldpc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: activeds.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: adsldpc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: logoncli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: wevtapi.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: userenv.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: secur32.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: schannel.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: cryptnet.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: windows.globalization.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: bcp47mrm.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: icu.dllJump to behavior
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\PDQ
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\PDQ\PDQConnectAgent
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\PDQ\PDQConnectAgent\LICENSE.html
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F03416B2-8C97-4CC4-8578-5F6A58F3EB84}
Source: Portal.msiStatic file information: File size 4946944 > 1048576
Source: Binary string: D:\dev\wixsharp-wix4\Source\src\WixSharp\obj\Release\WixSharp.pdbt~ source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.dr
Source: Binary string: \??\C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\pdqconnectagent-setup.pdbm source: rundll32.exe, 00000007.00000002.2111161917.000001F0B0268000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\pdqconnectagent-setup.pdbll source: rundll32.exe, 00000009.00000002.2145984383.000001B2FB360000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pdqconnectupdater-setup.pdb source: PDQConnectUpdater-0.3.0.msi.12.dr
Source: Binary string: WixToolset.Dtf.WindowsInstaller.pdbSHA256 source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixToolset.Dtf.WindowsInstaller.dll.4.dr
Source: Binary string: D:\dev\wixsharp-wix4\Source\src\WixSharp\obj\Release\WixSharp.pdb source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.dr
Source: Binary string: D:\a\wix\wix\build\dtf\Release\x64\SfxCA.pdb source: Portal.msi, PDQConnectUpdater-0.3.0.msi.12.dr, MSI1F2D.tmp.1.dr, MSI328E.tmp.1.dr
Source: Binary string: pdqconnectagent-setup.pdb source: Portal.msi, MSI1F2D.tmp.1.dr, MSI328E.tmp.1.dr
Source: Binary string: D:\a\wix4\wix4\build\api\Release\v143\x86\mbanative.pdb source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.dr
Source: Binary string: \??\C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\pdqconnectagent-setup.pdblH source: rundll32.exe, 00000008.00000002.2125319285.0000024569AC0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\wix\wix\build\Util.wixext\Release\x64\utilca.pdb source: Portal.msi, PDQConnectUpdater-0.3.0.msi.12.dr, MSI1F2D.tmp.1.dr
Source: Binary string: D:\a\rover\rover\wix\pdqconnectagent-setup\obj\Release\pdqconnectagent-setup.pdb source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, pdqconnectagent-setup.exe.7.dr
Source: Binary string: cscs.exe.pdb!Build_CA_DLL.cmd source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.dr
Source: Binary string: Yqw pdqconnectupdater-setup.pdbh source: PDQConnectUpdater-0.3.0.msi.12.dr
Source: Binary string: WixToolset.Dtf.WindowsInstaller.pdb source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixToolset.Dtf.WindowsInstaller.dll.4.dr
Source: Binary string: PDQCON~1.PDBpdqconnectagent-setup.pdbx source: rundll32.exe, 00000008.00000002.2125319285.0000024569B62000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d1YKt pdqconnectagent-setup.pdbh source: Portal.msi, MSI1F2D.tmp.1.dr, MSI328E.tmp.1.dr
Source: Binary string: pdq_connect_agent.pdb source: pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe.1.dr
Source: Binary string: D:\a\rover\rover\wix\pdqconnectagent-setup\obj\Release\pdqconnectagent-setup.pdb=MWM IM_CorExeMainmscoree.dll source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, pdqconnectagent-setup.exe.7.dr
Source: pdqconnectagent-setup.exe.4.drStatic PE information: 0xBDE62C11 [Tue Dec 16 17:59:45 2070 UTC]
Source: C:\Windows\System32\rundll32.exeCode function: 5_3_00007FF848A13D95 push FFFFFFE8h; ret 5_3_00007FF848A13DF9
Source: C:\Windows\System32\rundll32.exeCode function: 5_3_00007FF848A17DC2 pushad ; ret 5_3_00007FF848A17DD1
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI24EE.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3B87.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI3BA8.tmp
Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI146E.tmp
Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\SFXCAFF0EF70119428EDA813B551E8FF8FDE9\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1F3E.tmp
Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\SFXCA9B20618A2F4D43A947D4DDC1A40E47B6\WixSharp.dll
Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\SFXCA9B20618A2F4D43A947D4DDC1A40E47B6\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\WixSharp.dll
Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\SFXCAFF0EF70119428EDA813B551E8FF8FDE9\pdqconnectagent-setup.exe
Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\WixSharp.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\pdqconnectagent-setup.exe
Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\SFXCAFF0EF70119428EDA813B551E8FF8FDE9\WixSharp.dll
Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\pdqconnectagent-setup.exe
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI328E.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2451.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2676.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI1F6E.tmp
Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2C05.tmp
Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\WixSharp.dll
Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\SFXCA9B20618A2F4D43A947D4DDC1A40E47B6\pdqconnectagent-setup.exe
Source: C:\Windows\System32\rundll32.exeFile created: C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\pdqconnectagent-setup.exe
Source: C:\Windows\System32\rundll32.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\PDQ.com
Source: C:\Windows\System32\rundll32.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\PDQ.com
Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\system32\sc.exe" start "PDQConnectAgent"

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4921
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4904
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 8249
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1512
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5392
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3896
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 7383
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2348
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI24EE.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI3B87.tmp
Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI3BA8.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI146E.tmp
Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\SFXCAFF0EF70119428EDA813B551E8FF8FDE9\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1F3E.tmp
Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\SFXCA9B20618A2F4D43A947D4DDC1A40E47B6\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\SFXCA9B20618A2F4D43A947D4DDC1A40E47B6\WixSharp.dll
Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\WixSharp.dll
Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\SFXCAFF0EF70119428EDA813B551E8FF8FDE9\pdqconnectagent-setup.exe
Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\WixSharp.dll
Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\pdqconnectagent-setup.exe
Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\SFXCAFF0EF70119428EDA813B551E8FF8FDE9\WixSharp.dll
Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\pdqconnectagent-setup.exe
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI328E.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1F6E.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2451.tmp
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2676.tmp
Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\WixToolset.Dtf.WindowsInstaller.dll
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2C05.tmp
Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\WixSharp.dll
Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\SFXCA9B20618A2F4D43A947D4DDC1A40E47B6\pdqconnectagent-setup.exe
Source: C:\Windows\System32\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\pdqconnectagent-setup.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1992 Thread sleep count: 4921 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1992 Thread sleep count: 4904 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6756 Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6020 Thread sleep count: 8249 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6020 Thread sleep count: 1512 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5240 Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5700 Thread sleep count: 5392 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5700 Thread sleep count: 3896 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3332 Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6644 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2292 Thread sleep count: 7383 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2292 Thread sleep count: 2348 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6624 Thread sleep time: -4611686018427385s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
Source: pdq-connect-agent.exe, 0000000C.00000002.3294770461.000001E341465000.00000004.00000020.00020000.00000000.sdmp, pdq-connect-agent.exe, 0000000C.00000003.2745757092.000001E341465000.00000004.00000020.00020000.00000000.sdmp, pdq-connect-agent.exe, 0000000C.00000003.2152939224.000001E341479000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll.
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
Source: C:\Windows\System32\rundll32.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command -
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\sc.exe "C:\Windows\system32\sc.exe" start "PDQConnectAgent"
Source: rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Shell_TrayWnd
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\SFXCAFF0EF70119428EDA813B551E8FF8FDE9\WixToolset.Dtf.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\SFXCAFF0EF70119428EDA813B551E8FF8FDE9\WixSharp.dll VolumeInformation
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\SFXCA9B20618A2F4D43A947D4DDC1A40E47B6\WixToolset.Dtf.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\SFXCA9B20618A2F4D43A947D4DDC1A40E47B6\WixSharp.dll VolumeInformation
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\SFXCA9B20618A2F4D43A947D4DDC1A40E47B6\pdqconnectagent-setup.exe VolumeInformation
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\WixToolset.Dtf.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\pdqconnectagent-setup.exe VolumeInformation
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\WixSharp.dll VolumeInformation
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\WixToolset.Dtf.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\pdqconnectagent-setup.exe VolumeInformation
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\WixSharp.dll VolumeInformation
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\WixToolset.Dtf.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\pdqconnectagent-setup.exe VolumeInformation
Source: C:\Windows\System32\rundll32.exe Queries volume information: C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\WixSharp.dll VolumeInformation
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe Queries volume information: C:\ProgramData\PDQ\PDQConnectAgent\token VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure.CimCmdlets\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.CimCmdlets.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe Code function: 12_2_00007FF78CF6F928 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,12_2_00007FF78CF6F928
Source: C:\Windows\System32\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 2 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 Service Execution | 22 Windows Service | 22 Windows Service | 1 Obfuscated Files or Information | LSASS Memory | 11 Peripheral Device Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | 12 Process Injection | 1 Timestomp | Security Account Manager | 34 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 11 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 23 Masquerading | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 31 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 12 Process Injection | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Rundll32 | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
[Behavior graph. Behavior Graph ID: 1527957, Sample: Portal.msi, Startdate: 07/10/2024, Architecture: WINDOWS, Score: 64]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| Portal.msi | 0% | ReversingLabs | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI146E.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI1F3E.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI1F6E.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI2451.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI24EE.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI2676.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI2C05.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI328E.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI3B87.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\MSI3BA8.tmp | 0% | ReversingLabs | | |
| C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\WixSharp.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\WixToolset.Dtf.WindowsInstaller.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\SFXCA363E23D38342B28859B2E30EB0910098\pdqconnectagent-setup.exe | 0% | ReversingLabs | | |
| C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\WixSharp.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\WixToolset.Dtf.WindowsInstaller.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\SFXCA87E78A4C484AC7BA8DC6E0B5627E7F20\pdqconnectagent-setup.exe | 0% | ReversingLabs | | |
| C:\Windows\Installer\SFXCA9B20618A2F4D43A947D4DDC1A40E47B6\WixSharp.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\SFXCA9B20618A2F4D43A947D4DDC1A40E47B6\WixToolset.Dtf.WindowsInstaller.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\SFXCA9B20618A2F4D43A947D4DDC1A40E47B6\pdqconnectagent-setup.exe | 0% | ReversingLabs | | |
| C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\WixSharp.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\WixToolset.Dtf.WindowsInstaller.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\SFXCABAC30776D64ECC5AFC62613A5E146B74\pdqconnectagent-setup.exe | 0% | ReversingLabs | | |
| C:\Windows\Installer\SFXCAFF0EF70119428EDA813B551E8FF8FDE9\WixSharp.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\SFXCAFF0EF70119428EDA813B551E8FF8FDE9\WixToolset.Dtf.WindowsInstaller.dll | 0% | ReversingLabs | | |
| C:\Windows\Installer\SFXCAFF0EF70119428EDA813B551E8FF8FDE9\pdqconnectagent-setup.exe | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://contoso.com/License | 0% | URL Reputation | safe | |
| https://contoso.com/ | 0% | URL Reputation | safe | |
| https://nuget.org/nuget.exe | 0% | URL Reputation | safe | |
| https://oneget.orgX | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe | |
| http://nuget.org/NuGet.exe | 0% | URL Reputation | safe | |
| http://pesterbdd.com/images/Pester.png | 0% | URL Reputation | safe | |
| https://go.micro | 0% | URL Reputation | safe | |
| https://contoso.com/Icon | 0% | URL Reputation | safe | |
| https://aka.ms/pscore68 | 0% | URL Reputation | safe | |
| https://oneget.org | 0% | URL Reputation | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com | 162.159.140.238 | true | true | | unknown |
| app.pdq.com | 104.16.77.47 | true | false | | unknown |
| websocket.app.pdq.com | 34.128.163.126 | true | false | | unknown |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://websocket.app.pdq.com:443/v1/devices/socket/websocket?device_id=dvc_cf03d73e6c6b34abc8bc8409f8ee13c1 | false | | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://app.pdq.com/v1/devices/release-channels/stable/manifest.jsonD | pdq-connect-agent.exe, 0000000C.00000003.2152939224.000001E3414B8000.00000004.00000020.00020000.00000000.sdmp | false | | unknown |
| http://wixtoolset.org/schemas/v4/wxs/netfx-WixToolset.Http.wixext | rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.dr | false | | unknown |
| http://wixtoolset.org/schemas/v4/wxs/difxappZhttp://wixtoolset.org/schemas/v4/wxs/firewallRhttp://wi | rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.dr | false | | unknown |
| http://wixtoolset.org/schemas/v4/wxs/powershellNhttp://wixtoolset.org/schemas/v4/wxs/vsRhttp://wixto | rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.dr | false | | unknown |
| https://contoso.com/License | powershell.exe, 00000015.00000002.2572142905.00000219018C6000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| https://docs.rs/getrandom#nodejs-es-module-support | pdq-connect-agent.exe.1.dr | false | | unknown |
| http://wixtoolset.org/schemas/v4/wxs/vs-WixToolset.Msmq.wixext | rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.dr | false | | unknown |
| https://app.pdq.com/Hardcoded | pdq-connect-agent.exe.1.dr | false | | unknown |
| https://app.pdq.com/v1/devices/registeristration | pdq-connect-agent.exe, 0000000C.00000003.2753204165.000001E3414B9000.00000004.00000020.00020000.00000000.sdmp, pdq-connect-agent.exe, 0000000C.00000002.3294770461.000001E3414B8000.00000004.00000020.00020000.00000000.sdmp, pdq-connect-agent.exe, 0000000C.00000003.2745757092.000001E3414B8000.00000004.00000020.00020000.00000000.sdmp | false | | unknown |
| http://wixtoolset.org/schemas/v4/wxs/difxapp5WixToolset.Firewall.wixext | rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.dr | false | | unknown |
| https://pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com/connect-agent/PDQCon | pdq-connect-agent.exe, 0000000C.00000003.2152939224.000001E3414E6000.00000004.00000020.00020000.00000000.sdmp | false | | unknown |
| https://github.com/clap-rs/clap/issues | pdq-connect-agent.exe.1.dr | false | | unknown |
| http://wixtoolset.org/schemas/v4/wxs/dependency3WixToolset.DirectX.wixext | rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.dr | false | | unknown |
| http://wixtoolset.org/schemas/v4/wxs/ui9WixToolset.PowerShell.wixext | rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.dr | false | | unknown |
| https://app.pdq.com/v1/devices/release-channels/stable/manifest.json | pdq-connect-agent.exe, 0000000C.00000002.3294419444.000001E340F96000.00000004.00000020.00020000.00000000.sdmp | false | | unknown |
| https://github.com/clap-rs/clap/issues0# | pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp | false | | unknown |
| https://contoso.com/ | powershell.exe, 00000015.00000002.2572142905.00000219018C6000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| https://nuget.org/nuget.exe | powershell.exe, 0000000E.00000002.2321295734.00000236BC14F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2336776852.00000236CA8FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2361843090.00000241818CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2406930107.000002419007D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2531039874.0000027C5A97D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2446101439.0000027C4C1CB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2705252077.000002191007C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2572142905.00000219018C6000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| https://app.pdq.com/D | PDQConnectAgent.db-journal.12.dr | false | | unknown |
| https://oneget.orgX | powershell.exe, 0000000E.00000002.2321295734.00000236BBC7E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2361843090.00000241813F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2446101439.0000027C4BDE2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2572142905.0000021900F8A000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown |
| http://wixtoolset.org/schemas/v4/wxs/iis | rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.dr | false | | unknown |
| https://app.pdq.com/ | pdq-connect-agent.exe, 0000000C.00000002.3294770461.000001E341465000.00000004.00000020.00020000.00000000.sdmp, pdq-connect-agent.exe, 0000000C.00000003.2745757092.000001E341465000.00000004.00000020.00020000.00000000.sdmp, pdq-connect-agent.exe, 0000000C.00000003.2153265378.000001E341465000.00000004.00000020.00020000.00000000.sdmp, pdq-connect-agent.exe, 0000000C.00000002.3295315075.000001E341975000.00000004.00000020.00020000.00000000.sdmp, pdq-connect-agent.exe, 0000000C.00000002.3294770461.000001E3414B8000.00000004.00000020.00020000.00000000.sdmp, pdq-connect-agent.exe, 0000000C.00000003.2745757092.000001E3414B8000.00000004.00000020.00020000.00000000.sdmp | false | | unknown |
| https://github.com/clap-rs/clap/issues/rustc/eeb90cda1969383f56a2637cbd3037bdf598841c | pdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe.1.dr | false | | unknown |
                                                https://app.pdq.com/v1/devices/auth-challengepdq-connect-agent.exe, 0000000C.00000002.3295182287.000001E3418E3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  unknown
                                                  http://wixtoolset.org/schemas/v4/wxs/firewall-WixToolset.Util.wixextrundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.drfalse
                                                    unknown
                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namepowershell.exe, 0000000E.00000002.2321295734.00000236BA881000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2361843090.0000024180001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2446101439.0000027C4A901000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2572142905.0000021900001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    unknown
                                                    https://app.pdq.com/v1/devices/auth-challenge0pdq-connect-agent.exe, 0000000C.00000002.3295182287.000001E3418E3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      unknown
                                                      http://nuget.org/NuGet.exepowershell.exe, 0000000E.00000002.2321295734.00000236BC14F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2336776852.00000236CA8FE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2361843090.00000241818CE000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2406930107.000002419007D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2531039874.0000027C5A97D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2446101439.0000027C4C1CB000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2705252077.000002191007C000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2572142905.00000219018C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://www.apache.org/licenses/LICENSE-2.0powershell.exe, 0000000E.00000002.2321295734.00000236BBC7E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2361843090.00000241813F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2446101439.0000027C4BDE2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2572142905.0000021900F8A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        unknown
                                                        https://github.com/clap-rs/clap/issuesC:pdq-connect-agent.exe.1.drfalse
                                                          unknown
                                                          https://app.pdq.com/v1/devices/auth-challenge$pdq-connect-agent.exe, 0000000C.00000002.3295182287.000001E3418E3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            unknown
                                                            https://app.pdq.com/v1/devices/auth-challengel~pdq-connect-agent.exe, 0000000C.00000002.3295182287.000001E3418E3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              unknown
                                                              http://pesterbdd.com/images/Pester.pngpowershell.exe, 00000015.00000002.2572142905.0000021901840000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2572142905.0000021900F8A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              http://wixtoolset.org/schemas/v4/wxs/directxrundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.drfalse
                                                                unknown
                                                                https://github.com/clap-rs/clap/issues0#npdq-connect-agent.exe.1.drfalse
                                                                  unknown
                                                                  http://www.apache.org/licenses/LICENSE-2.0.htmlpowershell.exe, 00000015.00000002.2572142905.0000021901840000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2572142905.0000021900F8A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    https://go.micropowershell.exe, 0000000E.00000002.2321295734.00000236BBBEF000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000000E.00000002.2321295734.00000236BB80A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2361843090.0000024180F8F000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2361843090.0000024181370000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2446101439.0000027C4B88A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2446101439.0000027C4BC6D000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2446101439.0000027C4BA4B000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2572142905.0000021900F8A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://wixtoolset.org/schemas/v4/wxs/balWixSharp.dll.5.drfalse
                                                                      unknown
                                                                      https://contoso.com/Iconpowershell.exe, 00000015.00000002.2572142905.00000219018C6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://app.pdq.com/ulpdq-connect-agent.exe, 0000000C.00000002.3295315075.000001E341975000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        https://o192192.ingest.sentry.io/api/6095569/envelope/pdq-connect-agent.exe, 0000000C.00000002.3294419444.000001E340F0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          http://wixtoolset.org/schemas/v4/wxs/msmq3WixToolset.ComPlus.wixextrundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.drfalse
                                                                            unknown
                                                                            https://github.com/Pester/Pesterpowershell.exe, 00000015.00000002.2572142905.0000021901840000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2572142905.0000021900F8A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              http://wixtoolset.org/schemas/v4/wxs/dependencyXhttp://wixtoolset.org/schemas/v4/wxs/directxrundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.drfalse
                                                                                unknown
                                                                                https://github.com/clap-rs/clap/issuesxpdq-connect-agent.exe, 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe, 0000000C.00000000.2139822757.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp, pdq-connect-agent.exe.1.drfalse
                                                                                  unknown
                                                                                  https://app.pdq.com/v1/devices/registerpdq-connect-agent.exe, 0000000C.00000003.2753204165.000001E3414B9000.00000004.00000020.00020000.00000000.sdmp, pdq-connect-agent.exe, 0000000C.00000003.2753013298.000001E341972000.00000004.00000020.00020000.00000000.sdmp, pdq-connect-agent.exe, 0000000C.00000002.3294770461.000001E3414B8000.00000004.00000020.00020000.00000000.sdmp, pdq-connect-agent.exe, 0000000C.00000003.2745757092.000001E3414B8000.00000004.00000020.00020000.00000000.sdmp, pdq-connect-agent.exe, 0000000C.00000003.2752683448.000001E34196B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    https://github.com/oleg-shilo/wixsharp/issues/1396#issuecomment-1849731522rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.drfalse
                                                                                      unknown
                                                                                      http://wixtoolset.org/schemas/v4/wxs/powershell=WixToolset.VisualStudio.wixextrundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.drfalse
                                                                                        unknown
                                                                                        http://wixtoolset.org/schemas/v4/wxs/complus9WixToolset.Dependency.wixextrundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.drfalse
                                                                                          unknown
                                                                                          http://wixtoolset.org/schemas/v4/wxsWixSharp.dll.5.drfalse
                                                                                            unknown
                                                                                            https://wixtoolset.org/rundll32.exe, 00000004.00000003.2060074603.000001F96F002000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082240245.000001B489421000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2101046515.000001F0B0292000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2115010899.0000024569AF1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132284855.000001B2FB391000.00000004.00000020.00020000.00000000.sdmp, Portal.msi, WixSharp.dll.5.dr, PDQConnectUpdater-0.3.0.msi.12.dr, MSI1F2D.tmp.1.dr, WixToolset.Dtf.WindowsInstaller.dll.4.drfalse
                                                                                              unknown
                                                                                              http://wixtoolset.org/schemas/v4/wxs/sql/WixToolset.Netfx.wixextrundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.drfalse
                                                                                                unknown
                                                                                                http://go.microsoft.cpowershell.exe, 00000012.00000002.2441964548.0000027C49D58000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  http://wixtoolset.org/schemas/v4/wxs/httprundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.drfalse
                                                                                                    unknown
                                                                                                    http://go.microsoft.ctainpowershell.exe, 00000012.00000002.2441964548.0000027C49D58000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://aka.ms/pscore68powershell.exe, 0000000E.00000002.2321295734.00000236BA881000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2361843090.0000024180001000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2446101439.0000027C4A901000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2572142905.0000021900001000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      http://www.test.com/xml/2015rundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.drfalse
                                                                                                        unknown
                                                                                                        https://o192192.ingest.sentry.io/api/6095569/envelope/3pdq-connect-agent.exe, 0000000C.00000002.3294419444.000001E340F0C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          http://wixtoolset.org/schemas/v4/wxs/utilrundll32.exe, 00000004.00000003.2059789312.000001F970B6C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2082116470.000001B48AEE2000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.2100910825.000001F0B1E06000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2114835794.000002456B5A6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000003.2132130065.000001B2FCD72000.00000004.00000020.00020000.00000000.sdmp, WixSharp.dll.5.drfalse
                                                                                                            unknown
                                                                                                            https://oneget.orgpowershell.exe, 0000000E.00000002.2321295734.00000236BBC7E000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000010.00000002.2361843090.00000241813F1000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2446101439.0000027C4BDE2000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000015.00000002.2572142905.0000021900F8A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            • No. of IPs < 25%
                                                                                                            • 25% < No. of IPs < 50%
                                                                                                            • 50% < No. of IPs < 75%
                                                                                                            • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
34.128.163.126 | websocket.app.pdq.com | United States | 2686 | ATGS-MMD-ASUS | false
104.16.77.47 | app.pdq.com | United States | 13335 | CLOUDFLARENETUS | false
162.159.140.238 | pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com | United States | 13335 | CLOUDFLARENETUS | true
Joe Sandbox version:41.0.0 Charoite
Analysis ID:1527957
Start date and time:2024-10-07 13:22:13 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 9m 0s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:23
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Portal.msi
Detection:MAL
Classification:mal64.troj.evad.winMSI@31/77@4/3
EGA Information:Failed
HCA Information:Failed
Cookbook Comments:
• Found application associated with file extension: .msi
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target pdq-connect-agent.exe, PID 2820 because there are no executed function
• Execution Graph export aborted for target powershell.exe, PID 3288 because it is empty
• Execution Graph export aborted for target rundll32.exe, PID 1412 because there are no executed function
• Execution Graph export aborted for target rundll32.exe, PID 2796 because there are no executed function
• Execution Graph export aborted for target rundll32.exe, PID 3332 because there are no executed function
• Execution Graph export aborted for target rundll32.exe, PID 6156 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: Portal.msi
Time | Type | Description
07:23:30 | API Interceptor | 27x Sleep call for process: powershell.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
34.128.163.126 | 65cb53.msi | Get hash | malicious | Unknown | Browse |
34.128.163.126 | NTGcon.msi | Get hash | malicious | Unknown | Browse |
34.128.163.126 | openconference.msi | Get hash | malicious | Unknown | Browse |
34.128.163.126 | azizibank.af-note2024-09-2237032-pdf.msi | Get hash | malicious | Unknown | Browse |
34.128.163.126 | Desktop application.msi | Get hash | malicious | Unknown | Browse |
104.16.77.47 | NTGcon.msi | Get hash | malicious | Unknown | Browse |
104.16.77.47 | PDQConnectAgent-5.0.3.msi | Get hash | malicious | Unknown | Browse |
162.159.140.238 | 65cb53.msi | Get hash | malicious | Unknown | Browse |
162.159.140.238 | NTGcon.msi | Get hash | malicious | Unknown | Browse |
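Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com | 65cb53.msi | Get hash | malicious | Unknown | Browse | 162.159.140.238
pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com | NTGcon.msi | Get hash | malicious | Unknown | Browse | 162.159.140.238
pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com | openconference.msi | Get hash | malicious | Unknown | Browse | 104.18.8.90
pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com | azizibank.af-note2024-09-2237032-pdf.msi | Get hash | malicious | Unknown | Browse | 104.18.8.90
pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com | Desktop application.msi | Get hash | malicious | Unknown | Browse | 104.18.8.90
websocket.app.pdq.com | 65cb53.msi | Get hash | malicious | Unknown | Browse | 34.128.163.126
websocket.app.pdq.com | NTGcon.msi | Get hash | malicious | Unknown | Browse | 34.128.163.126
websocket.app.pdq.com | openconference.msi | Get hash | malicious | Unknown | Browse | 34.128.163.126
websocket.app.pdq.com | azizibank.af-note2024-09-2237032-pdf.msi | Get hash | malicious | Unknown | Browse | 34.128.163.126
websocket.app.pdq.com | Desktop application.msi | Get hash | malicious | Unknown | Browse | 34.128.163.126
app.pdq.com | 65cb53.msi | Get hash | malicious | Unknown | Browse | 34.128.163.126
app.pdq.com | NTGcon.msi | Get hash | malicious | Unknown | Browse | 34.128.163.126
app.pdq.com | openconference.msi | Get hash | malicious | Unknown | Browse | 34.128.163.126
app.pdq.com | azizibank.af-note2024-09-2237032-pdf.msi | Get hash | malicious | Unknown | Browse | 34.128.163.126
app.pdq.com | Desktop application.msi | Get hash | malicious | Unknown | Browse | 34.128.163.126
app.pdq.com | PDQConnectAgent-5.0.3.msi | Get hash | malicious | Unknown | Browse | 104.16.77.47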
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
CLOUDFLARENETUS | http://www.twbcompany.com | Get hash | malicious | Unknown | Browse | 172.67.137.41
CLOUDFLARENETUS | c3KH2gLNrM.exe | Get hash | malicious | LummaC, Amadey, Credential Flusher, Stealc, Vidar | Browse | 104.21.53.8
CLOUDFLARENETUS | xd.arm7.elf | Get hash | malicious | Mirai | Browse | 1.3.36.109
CLOUDFLARENETUS | z1SupplyInvoiceCM60916_Doc.exe | Get hash | malicious | FormBook | Browse | 104.21.5.125
CLOUDFLARENETUS | rREQUESTFORQUOTE-INQUIRY87278.exe | Get hash | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger | Browse | 188.114.97.3
CLOUDFLARENETUS | https://kohlhage-de.powerappsportals.com/ | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | 104.21.34.55
CLOUDFLARENETUS | High Court Summons Notice.pdf | Get hash | malicious | Unknown | Browse | 172.65.208.22
CLOUDFLARENETUS | https://kohlhage-de.powerappsportals.com/ | Get hash | malicious | HtmlDropper | Browse | 104.18.3.157
CLOUDFLARENETUS | cfev.-Information refb08b4d10f3ce74a317adeabab8ac66ad.htm | Get hash | malicious | Unknown | Browse | 104.21.26.253
CLOUDFLARENETUS | SecuriteInfo.com.Win64.MalwareX-gen.31726.9623.exe | Get hash | malicious | Unknown | Browse | 104.20.23.46
ATGS-MMD-ASUS | xd.arm7.elf | Get hash | malicious | Mirai | Browse | 34.187.79.97
ATGS-MMD-ASUS | xd.x86.elf | Get hash | malicious | Mirai | Browse | 32.37.108.170
ATGS-MMD-ASUS | xd.arm.elf | Get hash | malicious | Mirai | Browse | 57.4.20.202
ATGS-MMD-ASUS | http://patjimmy323.wixsite.com/my-site-1/ | Get hash | malicious | HTMLPhisher | Browse | 34.144.206.118
ATGS-MMD-ASUS | http://org0720.wixsite.com/my-site/ | Get hash | malicious | Unknown | Browse | 34.149.206.255
ATGS-MMD-ASUS | http://hiotdakia.wixsite.com/p-a-y-h-2-o/blank/ | Get hash | malicious | Unknown | Browse | 34.149.206.255
ATGS-MMD-ASUS | http://stonemartin1001.wixsite.com/sky-result/ | Get hash | malicious | Unknown | Browse | 34.144.206.118
ATGS-MMD-ASUS | http://ashleyproberts.wixsite.com/my-site/ | Get hash | malicious | HTMLPhisher | Browse | 34.144.206.118
ATGS-MMD-ASUS | http://webmailserv3038z.wixsite.com/my-site/ | Get hash | malicious | Unknown | Browse | 34.144.206.118
ATGS-MMD-ASUS | http://clivenicoll44.wixsite.com/btinternet/ | Get hash | malicious | HTMLPhisher | Browse | 34.144.206.118
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
3b5074b1b5d032e5620f69f9f700ff0e | http://46.27.141.62 | Get hash | malicious | Unknown | Browse | 34.128.163.126, 104.16.77.47, 162.159.140.238
3b5074b1b5d032e5620f69f9f700ff0e | rREQUESTFORQUOTE-INQUIRY87278.exe | Get hash | malicious | MassLogger RAT, Snake Keylogger, VIP Keylogger | Browse | 34.128.163.126, 104.16.77.47, 162.159.140.238
3b5074b1b5d032e5620f69f9f700ff0e | SecuriteInfo.com.Win64.MalwareX-gen.31726.9623.exe | Get hash | malicious | Unknown | Browse | 34.128.163.126, 104.16.77.47, 162.159.140.238
3b5074b1b5d032e5620f69f9f700ff0e | SecuriteInfo.com.Win64.MalwareX-gen.19388.23445.exe | Get hash | malicious | Unknown | Browse | 34.128.163.126, 104.16.77.47, 162.159.140.238
3b5074b1b5d032e5620f69f9f700ff0e | SecuriteInfo.com.Win64.MalwareX-gen.19388.23445.exe | Get hash | malicious | Unknown | Browse | 34.128.163.126, 104.16.77.47, 162.159.140.238
3b5074b1b5d032e5620f69f9f700ff0e | SecuriteInfo.com.Win64.MalwareX-gen.31726.9623.exe | Get hash | malicious | Unknown | Browse | 34.128.163.126, 104.16.77.47, 162.159.140.238
3b5074b1b5d032e5620f69f9f700ff0e | SecuriteInfo.com.Win64.MalwareX-gen.19388.23445.exe | Get hash | malicious | Unknown | Browse | 34.128.163.126, 104.16.77.47, 162.159.140.238
3b5074b1b5d032e5620f69f9f700ff0e | SecuriteInfo.com.Win64.MalwareX-gen.31726.9623.exe | Get hash | malicious | Unknown | Browse | 34.128.163.126, 104.16.77.47, 162.159.140.238
3b5074b1b5d032e5620f69f9f700ff0e | SM-0230- J - TOOL 10 DEGREE FOR DWT MACHINE-MF5i.exe | Get hash | malicious | GuLoader, Snake Keylogger | Browse | 34.128.163.126, 104.16.77.47, 162.159.140.238
3b5074b1b5d032e5620f69f9f700ff0e | RFQ-350548 P1-00051538.pdf.exe | Get hash | malicious | Unknown | Browse | 34.128.163.126, 104.16.77.47, 162.159.140.238
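Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Windows\Installer\MSI146E.tmp | 65cb53.msi | Get hash | malicious | Unknown | Browse |
C:\Windows\Installer\MSI146E.tmp | NTGcon.msi | Get hash | malicious | Unknown | Browse |
C:\Windows\Installer\MSI146E.tmp | openconference.msi | Get hash | malicious | Unknown | Browse |
C:\Windows\Installer\MSI146E.tmp | azizibank.af-note2024-09-2237032-pdf.msi | Get hash | malicious | Unknown | Browse |
C:\Windows\Installer\MSI146E.tmp | Desktop application.msi | Get hash | malicious | Unknown | Browse |
C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe | 65cb53.msi | Get hash | malicious | Unknown | Browse |
C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe | NTGcon.msi | Get hash | malicious | Unknown | Browse |
C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe | openconference.msi | Get hash | malicious | Unknown | Browse |
C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe | azizibank.af-note2024-09-2237032-pdf.msi | Get hash | malicious | Unknown | Browse |
C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe | Desktop application.msi | Get hash | malicious | Unknown | Browse |
C:\Windows\Installer\MSI1F3E.tmp | 65cb53.msi | Get hash | malicious | Unknown | Browse |
C:\Windows\Installer\MSI1F3E.tmp | NTGcon.msi | Get hash | malicious | Unknown | Browse |
C:\Windows\Installer\MSI1F3E.tmp | openconference.msi | Get hash | malicious | Unknown | Browse |
C:\Windows\Installer\MSI1F3E.tmp | azizibank.af-note2024-09-2237032-pdf.msi | Get hash | malicious | Unknown | Browse |
C:\Windows\Installer\MSI1F3E.tmp | Desktop application.msi | Get hash | malicious | Unknown | Browse |
C:\Windows\Installer\MSI1F3E.tmp | windows_exporter-0.27.1-amd64.msi | Get hash | malicious | Unknown | Browse |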
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:modified
                                                                                                                                                              Size (bytes):409160
                                                                                                                                                              Entropy (8bit):6.402609262985472
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:Z2ET2+QBLh+MVy5DCRoRQvc181kaKr8MMLu8:Z2ET2+cVXVyNgvcCkaKr8MU
                                                                                                                                                              MD5:669AF016003F1F04B1C6866FF38FD9AE
                                                                                                                                                              SHA1:B839E8C486B8C45BD1FEF0042B3E4CE99FC9467F
                                                                                                                                                              SHA-256:855EBC9A57DF909C8857979F8A5B3D16CDD78A0ADDF6FCDE64DC4F48D20652E6
                                                                                                                                                              SHA-512:4440AD5A4C4925B6E692CC53EABEEF1A9D8B81EC74A59FB5F2862545B3EF0C5AE1F6C873414964409A937B056E51D1E1E375ADCF48C131AE37BACF9E2EA5AD01
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:...@IXOS.@.....@.:GY.@.....@.....@.....@.....@.....@......&.{F03416B2-8C97-4CC4-8578-5F6A58F3EB84}..PDQConnectAgent..Portal.msi.@.....@.....@.....@......app_icon.ico..&.{BBBF9B45-7132-4A74-8235-C1D5ECC6E746}.....@.....@.....@.....@.......@.....@.....@.......@......PDQConnectAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....CreateEventSource....WriteToken....ProcessComponents..Updating component registration..&.{F03416B2-8C97-4CC4-8578-5F6A83C6998F}&.{F03416B2-8C97-4CC4-8578-5F6A58F3EB84}.@......&.{F03416B2-8C97-4CC4-8578-5F6A3C6D2AF0}&.{F03416B2-8C97-4CC4-8578-5F6A58F3EB84}.@......&.{F03416B2-8C97-4CC4-8578-5F6AD14D3B20}&.{F03416B2-8C97-4CC4-8578-5F6A58F3EB84}.@......&.{F03416B2-8C97-4CC4-8578-5F6AE5347192}&.{F03416B2-8C97-4CC4-8578-5F6A58F3EB84}.@......&.{F03416B2-8C97-4CC4-8578-5F6ACAAE9C8E}&.{F03416B2-8C97-4CC4-8578-5F6A58F3EB84}.@........StopServices..Stopping services..Service: [1]....CreateFolders..Creating folders..Folder: [1]#.
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:HTML document, ASCII text, with CRLF, LF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):565593
                                                                                                                                                              Entropy (8bit):4.6599983130189315
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:v91CrOWDYfJRnaAbLC3coL+CjnF9TxQnEnxLx18zsOhoWiDzXCqVHMlhzYXZRmRt:B
                                                                                                                                                              MD5:002520A9817F4304CFB857A3AD3F588A
                                                                                                                                                              SHA1:C4A48C209B1FD422E23B07DB559B20DA1413D4EC
                                                                                                                                                              SHA-256:D0E7A5F8CE7AA197A4168B28BD1676A815F81B95EDDA5FE952A170937D49AC9A
                                                                                                                                                              SHA-512:14852475A813DDD5D44CA4FE8CAE75025575CD6C6A06BDD9D4945EB9D245661AF11C4685DBE87DB0FA0E2D989B93E090096AEB8AE1BF0BD65BB355AE5CC173DD
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:<html>....<head>.. <style>.. @media (prefers-color-scheme: dark) {.. body {.. background: #333;.. color: white;.. }.... a {.. color: skyblue;.. }.. }.... .container {.. font-family: sans-serif;.. max-width: 800px;.. margin: 0 auto;.. }.... .intro {.. text-align: center;.. }.... .licenses-list {.. list-style-type: none;.. margin: 0;.. padding: 0;.. }.... .license-used-by {.. margin-top: -10px;.. }.... .license-text {.. max-height: 200px;.. overflow-y: scroll;.. white-space: pre-wrap;.. }.. </style>..</head>....<body>.. <main class="container">.. <div class="intro">.. <h1>LICENSE</h1>.. <p>PDQ Connect Agent: Copyright (C) 2024 PDQ.com Corporation.</p>..
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):9066264
                                                                                                                                                              Entropy (8bit):6.408326067153042
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:gUVJQF7CAYci76mxoQyjIo0Q8ujb92QbzS+1x4GRmAcZIuvPbPg104hvSb9Gw/Ia:v/LPN/UcEi+aiZlNJvMlx5b+RJNc
                                                                                                                                                              MD5:0B92E149D8047B46F69D9E31B0DA5500
                                                                                                                                                              SHA1:F12BB240671D124B855500C302711B60548BB354
                                                                                                                                                              SHA-256:E545C996BBBFE3F969EF417744256A807BCC50983F606702B8A407FA781D199F
                                                                                                                                                              SHA-512:836324E7937C03A188BB947ECA31256F78C8B0130201932853693E457672C779555EB2C92E9D6A5A3FE1844107143436CCEE04F92F15E81953D47562EE9DCD5E
                                                                                                                                                              Malicious:true
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                              • Filename: 65cb53.msi, Detection: malicious, Browse
                                                                                                                                                              • Filename: NTGcon.msi, Detection: malicious, Browse
                                                                                                                                                              • Filename: openconference.msi, Detection: malicious, Browse
                                                                                                                                                              • Filename: azizibank.af-note2024-09-2237032-pdf.msi, Detection: malicious, Browse
                                                                                                                                                              • Filename: Desktop application.msi, Detection: malicious, Browse
                                                                                                                                                              Process:C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
                                                                                                                                                              File Type:SQLite 3.x database, user version 7, last written using SQLite version 3045000, file counter 4, database pages 9, cookie 0x8, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):36864
                                                                                                                                                              Entropy (8bit):0.5756311663105244
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:TvlW3rdYFvR5+fvRAKpAAMF7T+B4QtIoB9mhPwAMAzmq0:rI3ZYVR5+XRAKSA0OB79Q4AtC
                                                                                                                                                              MD5:A85E46EA858113955A209AB2ED85062F
                                                                                                                                                              SHA1:1035C7A77D5F4D2E1C9C660E4E4A072326CD4AAD
                                                                                                                                                              SHA-256:530BB975F3F55DEFC76E06343AE0B6B9DFB56FD894F8FAEBCA675584D15AD9F0
                                                                                                                                                              SHA-512:D42C09365E2BB23C58114B0BAEC4A7AE2C156E47D03888E081E916EBD920FCA74024798E65C0BCD1BE4E056A015CCED4DE08F9AC45C1E2D6D8CA7CB5B1CBC219
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
                                                                                                                                                              File Type:SQLite Rollback Journal
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):12824
                                                                                                                                                              Entropy (8bit):1.3228994145157753
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:7MZvz1J8T+B4QtIoB9mlq/lW3rdYFvR5+fvRAX:76vFB79eGI3ZYVR5+XRAX
                                                                                                                                                              MD5:4227A0078D37E9062433838BDD3506BB
                                                                                                                                                              SHA1:D7910837811864BF4E6FF5A1AFB26582B88DCEE0
                                                                                                                                                              SHA-256:657489DB6BA0296D11BE3601DDE696D316F124F26B3B5E7643C6FB65D87343EC
                                                                                                                                                              SHA-512:50A4BC02FAD0E25B954FC4B35E108A64E40808835C00DBC385A00901D893C9DD74EB1E2A22F7C63E70E550DA87F9A103B2F10F5B5F61AC767C2691977DED5E62
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
                                                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: PDQConnectUpdater, Author: PDQ.com, Keywords: Installer, Comments: This installer database contains the logic and data required to install PDQConnectUpdater., Template: x64;1033, Revision Number: {680478D0-253F-4DCD-9B76-6390D88203FC}, Create Time/Date: Mon Aug 26 16:00:00 2024, Last Saved Time/Date: Mon Aug 26 16:00:00 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: WiX Toolset (5.0.0.0), Security: 2
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3112960
                                                                                                                                                              Entropy (8bit):7.446053423123235
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:wL+hUxoR8sLwnKG4nw2BpFM+F8fSAwRL4peoXSq2PiWQpVKlHdhrG:wyCxoR9knobpFFTRmYqpWQQHdo
                                                                                                                                                              MD5:1BF1CB4939DA999879EF545276B25867
                                                                                                                                                              SHA1:2ADE4CD68ACEE935A5A0D3CC5A54DAB507D908DA
                                                                                                                                                              SHA-256:DBD4EEF53A166DDB489DD7C2528B0BEC08FEB53498BECAEF57A70D2BB32CE4BF
                                                                                                                                                              SHA-512:74B1AB4B910D450DE8D318DE5CF3A5FE7B7E985EC007DC61C58BF89A9F2DF3992217EBC8FA92AE034BCBD72877810F751E7BCB8E2B44A3D52AA4777D0297CFD5
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):86
                                                                                                                                                              Entropy (8bit):4.868271302151145
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:d5Id0K1RkbiwJbHqgSQlVOSkqRS:Y10iwrjmERS
                                                                                                                                                              MD5:1739D2CC38F7496C20D382969A14D042
                                                                                                                                                              SHA1:EDC00FFF9A99F3F2E9C30D8C87EA0A56EC523A41
                                                                                                                                                              SHA-256:DF6CAC52DEDDB0BCD9BB4FCD4383E139B16C3B0FCAF7213851EF4A115C155F8A
                                                                                                                                                              SHA-512:64F58EAAA11D36BE09F2D8D4609DE2EB3F08076130FCA169BA415455D055C88DAE374D7650358BC2117A2F082B7576C883869776C9337D77FA930136A2A1FDC0
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:iy7lw-ocuuvtryodew48rknn6rgxdq3abra8zpq8xlloyjpcu08ufwse-po2kjjmxwu8vejct0ghwg7p-hpotw
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:CSV text
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):651
                                                                                                                                                              Entropy (8bit):5.348956889965525
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:Q3La/KDLI4MWuPXcp1OKbbDLI4MWuPOKfSSI6KhaOK9eDLI4MNOK9XGK9yiv:ML9E4KQwKDE4KGKZI6KhPKIE4TKBGKoM
                                                                                                                                                              MD5:7CFF259EE7A28D8B8BA9D28BE3288747
                                                                                                                                                              SHA1:89023672C346B4101410DF25D4CB42BD3FB38285
                                                                                                                                                              SHA-256:D6EE41ADE037CF4F71E67C00CC8A98EA5BD5A6E3370CD36093EBA31DCE7B421A
                                                                                                                                                              SHA-512:34224680DE9604686778FC1B4C3DAF83A47A248F6431E1BDA97F753043D760B701F8A5BB8BE0AA9FE16995C75410FC3336CE5E4A88F47EE6DFB9344912C1F0CA
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: PDQConnectAgent, Author: PDQ.com, Keywords: Installer, Comments: This installer database contains the logic and data required to install PDQConnectAgent., Template: x64;1033, Revision Number: {BBBF9B45-7132-4A74-8235-C1D5ECC6E746}, Create Time/Date: Tue Sep 17 15:34:46 2024, Last Saved Time/Date: Tue Sep 17 15:34:46 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: WiX Toolset (5.0.0.0), Security: 2
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4946944
                                                                                                                                                              Entropy (8bit):7.725154849572571
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:98304:TdPxrBOio8Pis9TsPYT5Lpl7VETqDno02:TdJrBOkispsQT5Fl7kqDh2
                                                                                                                                                              MD5:9B7151E351CFBFBF8276B9A2CD8DCCC2
                                                                                                                                                              SHA1:C5F1808E63A6BA22F602BAB3225D8821372B8E79
                                                                                                                                                              SHA-256:60B686750A697E5B2A1580E7B2932C269BF7E2231869769C2AD49546F2F8577C
                                                                                                                                                              SHA-512:0DC97164E7FC1E80FEA8A6FE0556B6B8D5A5FE84BAD9E533EC72067A6BFCEFE97BA1B7A74C69B60D81693616D75656904595BA65BD91B2EABC196A7D4D121E2B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:......................>...................L...S%..........Q%..............]%..^%.._%..`%..a%..b%..c%..d%..e%..f%..g%..h%..i%..j%..k%..l%..m%..n%..o%..p%..q%..r%..s%..t%..u%..v%..w%..x%..y%..z%..{%..|%..}%..~%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%......................................................................................................................................NameTableiy7lw-ocuuvtryodew48rknn6rgxdq3abra8zpq8xlloyjpcu08ufwse-po2kjjmxwu8vejct0ghwg7p-hpotwTypePropertyValueALLUSERS1TOKEN WixSharp_BeforeInstall_Handlerspdqconnectagent-setup, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null|pdqconnectagent_setup.Program|OnBeforeInstallARPPRODUCTICONapp_icon.icoREINSTALLMODEomusManufacturerPDQ.comProductCode{F03416B2-8C97-4CC4-8578-5F6A58F3EB84}ProductLanguage1033ProductNamePDQConnectAgentProductVersion5.5.1UpgradeCode{F03416B2-8C97-4CC4-85
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: PDQConnectAgent, Author: PDQ.com, Keywords: Installer, Comments: This installer database contains the logic and data required to install PDQConnectAgent., Template: x64;1033, Revision Number: {BBBF9B45-7132-4A74-8235-C1D5ECC6E746}, Create Time/Date: Tue Sep 17 15:34:46 2024, Last Saved Time/Date: Tue Sep 17 15:34:46 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: WiX Toolset (5.0.0.0), Security: 2
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):4946944
                                                                                                                                                              Entropy (8bit):7.725154849572571
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:98304:TdPxrBOio8Pis9TsPYT5Lpl7VETqDno02:TdJrBOkispsQT5Fl7kqDh2
                                                                                                                                                              MD5:9B7151E351CFBFBF8276B9A2CD8DCCC2
                                                                                                                                                              SHA1:C5F1808E63A6BA22F602BAB3225D8821372B8E79
                                                                                                                                                              SHA-256:60B686750A697E5B2A1580E7B2932C269BF7E2231869769C2AD49546F2F8577C
                                                                                                                                                              SHA-512:0DC97164E7FC1E80FEA8A6FE0556B6B8D5A5FE84BAD9E533EC72067A6BFCEFE97BA1B7A74C69B60D81693616D75656904595BA65BD91B2EABC196A7D4D121E2B
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:......................>...................L...S%..........Q%..............]%..^%.._%..`%..a%..b%..c%..d%..e%..f%..g%..h%..i%..j%..k%..l%..m%..n%..o%..p%..q%..r%..s%..t%..u%..v%..w%..x%..y%..z%..{%..|%..}%..~%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%...%......................................................................................................................................NameTableiy7lw-ocuuvtryodew48rknn6rgxdq3abra8zpq8xlloyjpcu08ufwse-po2kjjmxwu8vejct0ghwg7p-hpotwTypePropertyValueALLUSERS1TOKEN WixSharp_BeforeInstall_Handlerspdqconnectagent-setup, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null|pdqconnectagent_setup.Program|OnBeforeInstallARPPRODUCTICONapp_icon.icoREINSTALLMODEomusManufacturerPDQ.comProductCode{F03416B2-8C97-4CC4-8578-5F6A58F3EB84}ProductLanguage1033ProductNamePDQConnectAgentProductVersion5.5.1UpgradeCode{F03416B2-8C97-4CC4-85
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):561937
                                                                                                                                                              Entropy (8bit):7.201039809475067
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:A2p21IWpJk/4ACJFaCln1sFB2qoM7tGiZASzOSl7oO:H21IWr8GnKGDM7lA+OSlX
                                                                                                                                                              MD5:CA823E5D29BF298166659E2098551446
                                                                                                                                                              SHA1:58AEE057838369021B6427B88B03622F18E10721
                                                                                                                                                              SHA-256:73D67CA1F9418A191E0844E94694F889F8631F06077919764C2B1C2F1ED2D348
                                                                                                                                                              SHA-512:CBB5DFFB72433D59D591C931BD361E3CD2420F741FA07A6CEDBE8F6B759470E1EDBE4D22287F26733F57E976473EF8AF9037800D82233263AAB02BE35950BB20
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                              • Filename: 65cb53.msi, Detection: malicious, Browse
                                                                                                                                                              • Filename: NTGcon.msi, Detection: malicious, Browse
                                                                                                                                                              • Filename: openconference.msi, Detection: malicious, Browse
                                                                                                                                                              • Filename: azizibank.af-note2024-09-2237032-pdf.msi, Detection: malicious, Browse
                                                                                                                                                              • Filename: Desktop application.msi, Detection: malicious, Browse
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):3189183
                                                                                                                                                              Entropy (8bit):6.908743374743158
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:49152:mL/VEGQHL/VEGQ9L/VEGQbw2BpFMfw2BpFMOw2BpFM5:m7VETH7VET97VET3pEpLpA
                                                                                                                                                              MD5:ACCA9968F4A5A9333905922BCAE35A92
                                                                                                                                                              SHA1:734ADE7B5835B7CBE60A2A93AD31686C92D9C853
                                                                                                                                                              SHA-256:E0D4C12F2CD2A7AE4CFE4474695470E9B50CC112EC936BE3F2EEDE0D3C146B5E
                                                                                                                                                              SHA-512:F5DB9551B83A44719A33DAE4FCA01581C3B5006BBCB38F52A2CB76619B3824AE89CE4E15F4224288754641CC1B38159527603D550362E651BEEC5FE46DBA6985
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:...@IXOS.@.....@.:GY.@.....@.....@.....@.....@.....@......&.{F03416B2-8C97-4CC4-8578-5F6A58F3EB84}..PDQConnectAgent..Portal.msi.@.....@.....@.....@......app_icon.ico..&.{BBBF9B45-7132-4A74-8235-C1D5ECC6E746}.....@.....@.....@.....@.......@.....@.....@.......@......PDQConnectAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........CreateEventSource....J...CreateEventSource.@.........MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................9...v......v......v............................................G...../..........Rich....................PE..d...<..f.........." ...(............`Y....................................................`A........................................p....*..8Y..........................................T...........................`...@...............H............................text...p.........
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):400152
                                                                                                                                                              Entropy (8bit):6.399146863112245
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:q2ET2+QBLh+MVy5DCRoRQvc181kaKr8MMLu:q2ET2+cVXVyNgvcCkaKr8M
                                                                                                                                                              MD5:50B7B3B911194A3DDDD6EE1E1E18279E
                                                                                                                                                              SHA1:5605EA9A1E919BA16183BEB1006031D5749D05AB
                                                                                                                                                              SHA-256:CA9193C79DF2446AB974CE5DE4AD038F4CBA28A7228B5469D41C326B6F29B371
                                                                                                                                                              SHA-512:918D11D006FA17BE6A77ED84C26C837545654DCF6187BD256CC031D97D18ACB8833FFA68C94E13F1C865650B7B3A23826D2D4E427AA2749E01B6B1080A0A17D4
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                              • Filename: 65cb53.msi, Detection: malicious, Browse
                                                                                                                                                              • Filename: NTGcon.msi, Detection: malicious, Browse
                                                                                                                                                              • Filename: openconference.msi, Detection: malicious, Browse
                                                                                                                                                              • Filename: azizibank.af-note2024-09-2237032-pdf.msi, Detection: malicious, Browse
                                                                                                                                                              • Filename: Desktop application.msi, Detection: malicious, Browse
                                                                                                                                                              • Filename: windows_exporter-0.27.1-amd64.msi, Detection: malicious, Browse
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):561937
                                                                                                                                                              Entropy (8bit):7.201039809475067
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:A2p21IWpJk/4ACJFaCln1sFB2qoM7tGiZASzOSl7oO:H21IWr8GnKGDM7lA+OSlX
                                                                                                                                                              MD5:CA823E5D29BF298166659E2098551446
                                                                                                                                                              SHA1:58AEE057838369021B6427B88B03622F18E10721
                                                                                                                                                              SHA-256:73D67CA1F9418A191E0844E94694F889F8631F06077919764C2B1C2F1ED2D348
                                                                                                                                                              SHA-512:CBB5DFFB72433D59D591C931BD361E3CD2420F741FA07A6CEDBE8F6B759470E1EDBE4D22287F26733F57E976473EF8AF9037800D82233263AAB02BE35950BB20
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):400152
                                                                                                                                                              Entropy (8bit):6.399146863112245
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:q2ET2+QBLh+MVy5DCRoRQvc181kaKr8MMLu:q2ET2+cVXVyNgvcCkaKr8M
                                                                                                                                                              MD5:50B7B3B911194A3DDDD6EE1E1E18279E
                                                                                                                                                              SHA1:5605EA9A1E919BA16183BEB1006031D5749D05AB
                                                                                                                                                              SHA-256:CA9193C79DF2446AB974CE5DE4AD038F4CBA28A7228B5469D41C326B6F29B371
                                                                                                                                                              SHA-512:918D11D006FA17BE6A77ED84C26C837545654DCF6187BD256CC031D97D18ACB8833FFA68C94E13F1C865650B7B3A23826D2D4E427AA2749E01B6B1080A0A17D4
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):400152
                                                                                                                                                              Entropy (8bit):6.399146863112245
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:q2ET2+QBLh+MVy5DCRoRQvc181kaKr8MMLu:q2ET2+cVXVyNgvcCkaKr8M
                                                                                                                                                              MD5:50B7B3B911194A3DDDD6EE1E1E18279E
                                                                                                                                                              SHA1:5605EA9A1E919BA16183BEB1006031D5749D05AB
                                                                                                                                                              SHA-256:CA9193C79DF2446AB974CE5DE4AD038F4CBA28A7228B5469D41C326B6F29B371
                                                                                                                                                              SHA-512:918D11D006FA17BE6A77ED84C26C837545654DCF6187BD256CC031D97D18ACB8833FFA68C94E13F1C865650B7B3A23826D2D4E427AA2749E01B6B1080A0A17D4
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):566227
                                                                                                                                                              Entropy (8bit):7.205012370099436
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:Y2p21IWpJkDR2VP86YSBpvS5PW/0ASmhXs7u5Nl+xRp:f21IW/VURVPgLQ6zAH
                                                                                                                                                              MD5:449EAA563873920AE3C03465ED5A8584
                                                                                                                                                              SHA1:D0B04CD0F0DAE48B1E58DD04CFC5AF6FB37E11AB
                                                                                                                                                              SHA-256:E551502C365AAFBB5DA73536A881FCE357758002A1B17B2997D518DDFD4A5DD9
                                                                                                                                                              SHA-512:074F1418DC7FC77854C628D8807E0FE99D5561AED59664F3315BEBD4F7BC9F7B525E9C233FA48B37AEAAFD802587740FE024B3BFBB36A92466BB5595AB6EDDBE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):566227
                                                                                                                                                              Entropy (8bit):7.205012370099436
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:Y2p21IWpJkDR2VP86YSBpvS5PW/0ASmhXs7u5Nl+xRp:f21IW/VURVPgLQ6zAH
                                                                                                                                                              MD5:449EAA563873920AE3C03465ED5A8584
                                                                                                                                                              SHA1:D0B04CD0F0DAE48B1E58DD04CFC5AF6FB37E11AB
                                                                                                                                                              SHA-256:E551502C365AAFBB5DA73536A881FCE357758002A1B17B2997D518DDFD4A5DD9
                                                                                                                                                              SHA-512:074F1418DC7FC77854C628D8807E0FE99D5561AED59664F3315BEBD4F7BC9F7B525E9C233FA48B37AEAAFD802587740FE024B3BFBB36A92466BB5595AB6EDDBE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):400152
                                                                                                                                                              Entropy (8bit):6.399146863112245
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6144:q2ET2+QBLh+MVy5DCRoRQvc181kaKr8MMLu:q2ET2+cVXVyNgvcCkaKr8M
                                                                                                                                                              MD5:50B7B3B911194A3DDDD6EE1E1E18279E
                                                                                                                                                              SHA1:5605EA9A1E919BA16183BEB1006031D5749D05AB
                                                                                                                                                              SHA-256:CA9193C79DF2446AB974CE5DE4AD038F4CBA28A7228B5469D41C326B6F29B371
                                                                                                                                                              SHA-512:918D11D006FA17BE6A77ED84C26C837545654DCF6187BD256CC031D97D18ACB8833FFA68C94E13F1C865650B7B3A23826D2D4E427AA2749E01B6B1080A0A17D4
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):980
                                                                                                                                                              Entropy (8bit):3.2202836610787027
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:TMHd4fNGsVymhsSesrwsr6SAzofAIbKOJ9OexT:2dhmh5r5rUP4KYb
                                                                                                                                                              MD5:C9C40AF1656F8531EAA647CACEB1E436
                                                                                                                                                              SHA1:907837497508DE13D5A7E60697FC9D050E327E19
                                                                                                                                                              SHA-256:1A67F60962CA1CBF19873B62A8518EFE8C701A09CD609AF4C50ECC7F0B468BB8
                                                                                                                                                              SHA-512:0F7033686BEFA3F4ACF3ED355C1674EAA6E349FBA97E906446C8A7000BE6876F157BC015BF5D3011FBBDC2C771BCBAEA97918B8D24C064CBBD302741CC70CBC7
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8" ?>.. <configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0.30319"/>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>.. <supportedRuntime version="v2.0.50727"/>.. <supportedRuntime version="v2.0.50215"/>.. <supportedRuntime version="v1.1.4322"/>.. </startup>.. </configuration>
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):616448
                                                                                                                                                              Entropy (8bit):6.275281739120598
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:pRo3Y8U50f6Vo2PTCHrdjJkOVF4f45zX+fR1Yjd:oq0fV2rmrtJkOVF4f45zyR1Yj
                                                                                                                                                              MD5:EBED2675D27B9383EE8E58BDEDDD5DA4
                                                                                                                                                              SHA1:4DC37974DB638EC02363C784FA2C178125F4280F
                                                                                                                                                              SHA-256:CAA9DA1C55E33446EAEB783957E990847369423C7DD652F07A5C93BF1D786A66
                                                                                                                                                              SHA-512:B13538F58B766ABD013F73D398EAA4E1ADEC3FC967415BF7F95198E6F55AC65A12A0C3863708B6FB525EF4A01F0AB88485BB990527BC0E4F5159C8419811DFAB
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):197904
                                                                                                                                                              Entropy (8bit):6.576691555164326
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:QLxw5Btsb/b3xYxGI65OdtHMzBTx8j69UgoTqdzjDCnfKlRUjW01KyIEjZpjWja9:QLWkzBuGI0b8j6jomdCJjeU
                                                                                                                                                              MD5:B82B13D16E7F3D3607026F61B7295224
                                                                                                                                                              SHA1:D17B76907EA442B6CC5A79361A8FCEC91075E20D
                                                                                                                                                              SHA-256:BCC548E72B190D8F39DCB19538444E2576617A21CABA6ADCB4116511E1D2DDEE
                                                                                                                                                              SHA-512:BE8C0B8B585FC77693E7481CA5D3F57A8B213C1190782FD4700676AF9C0B671523C1A4FA58F15947A14C1FF6D4CDA65D7353C6BA848A3A247DFCDA864869E93F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):24856
                                                                                                                                                              Entropy (8bit):6.434753182905981
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:QVc6es6XbIaz7Au+g7x9ONyb8E9VFgJy0nAM+ohQBgC:aWFbD4ulz2ECy0nAMxCB
                                                                                                                                                              MD5:35CB42244B7BDC5FF2C50A6E1F878ACB
                                                                                                                                                              SHA1:DB89B326FF68EAA9CE7AA6C0638B29A5AB01D525
                                                                                                                                                              SHA-256:2AF52A53B01EDDF5B2482B45D06B25B9740637B511A33C7A7E76FE21161938E4
                                                                                                                                                              SHA-512:3E060F338D3F5C41D302A866CD26F2C64B2571A831BD87615F914A782D6BFB94533CF3F12D955BE1A3C366AA267F931ED3EF1F13824E6EDDBEF3813D85D05883
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:MSVC program database ver 7.00, 512*59 bytes
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):30208
                                                                                                                                                              Entropy (8bit):2.6680911663808033
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:sAP7HAPuAPxAPVdyGAPuAPxAPVdAP1HnBiPB3VxVyDUZgqurMNUNUgAM+3rhf9HP:TYRyfmRysBBiP9JkUDi7G15BNUy
                                                                                                                                                              MD5:44DF11D5C722AEFA59BA8381E80AE286
                                                                                                                                                              SHA1:A9553A2F9F052F705440EC3AADD61D900267C67F
                                                                                                                                                              SHA-256:E23FB35B01D98BE265C83E28A989D8B987DA639A9EF2040E11FD6078AAA281AE
                                                                                                                                                              SHA-512:9DF33351317D494001B4A34A8F6A03082BFC969DC4DDB8944B5E6AF4563CAE110A2603B71839FAC6623F2AD22E4F4FCB3F63F5C4FC639BBAEAB8AC15CCEC4367
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):980
                                                                                                                                                              Entropy (8bit):3.2202836610787027
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:TMHd4fNGsVymhsSesrwsr6SAzofAIbKOJ9OexT:2dhmh5r5rUP4KYb
                                                                                                                                                              MD5:C9C40AF1656F8531EAA647CACEB1E436
                                                                                                                                                              SHA1:907837497508DE13D5A7E60697FC9D050E327E19
                                                                                                                                                              SHA-256:1A67F60962CA1CBF19873B62A8518EFE8C701A09CD609AF4C50ECC7F0B468BB8
                                                                                                                                                              SHA-512:0F7033686BEFA3F4ACF3ED355C1674EAA6E349FBA97E906446C8A7000BE6876F157BC015BF5D3011FBBDC2C771BCBAEA97918B8D24C064CBBD302741CC70CBC7
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8" ?>.. <configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0.30319"/>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>.. <supportedRuntime version="v2.0.50727"/>.. <supportedRuntime version="v2.0.50215"/>.. <supportedRuntime version="v1.1.4322"/>.. </startup>.. </configuration>
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):616448
                                                                                                                                                              Entropy (8bit):6.275281739120598
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:pRo3Y8U50f6Vo2PTCHrdjJkOVF4f45zX+fR1Yjd:oq0fV2rmrtJkOVF4f45zyR1Yj
                                                                                                                                                              MD5:EBED2675D27B9383EE8E58BDEDDD5DA4
                                                                                                                                                              SHA1:4DC37974DB638EC02363C784FA2C178125F4280F
                                                                                                                                                              SHA-256:CAA9DA1C55E33446EAEB783957E990847369423C7DD652F07A5C93BF1D786A66
                                                                                                                                                              SHA-512:B13538F58B766ABD013F73D398EAA4E1ADEC3FC967415BF7F95198E6F55AC65A12A0C3863708B6FB525EF4A01F0AB88485BB990527BC0E4F5159C8419811DFAB
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):197904
                                                                                                                                                              Entropy (8bit):6.576691555164326
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:QLxw5Btsb/b3xYxGI65OdtHMzBTx8j69UgoTqdzjDCnfKlRUjW01KyIEjZpjWja9:QLWkzBuGI0b8j6jomdCJjeU
                                                                                                                                                              MD5:B82B13D16E7F3D3607026F61B7295224
                                                                                                                                                              SHA1:D17B76907EA442B6CC5A79361A8FCEC91075E20D
                                                                                                                                                              SHA-256:BCC548E72B190D8F39DCB19538444E2576617A21CABA6ADCB4116511E1D2DDEE
                                                                                                                                                              SHA-512:BE8C0B8B585FC77693E7481CA5D3F57A8B213C1190782FD4700676AF9C0B671523C1A4FA58F15947A14C1FF6D4CDA65D7353C6BA848A3A247DFCDA864869E93F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):24856
                                                                                                                                                              Entropy (8bit):6.434753182905981
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:QVc6es6XbIaz7Au+g7x9ONyb8E9VFgJy0nAM+ohQBgC:aWFbD4ulz2ECy0nAMxCB
                                                                                                                                                              MD5:35CB42244B7BDC5FF2C50A6E1F878ACB
                                                                                                                                                              SHA1:DB89B326FF68EAA9CE7AA6C0638B29A5AB01D525
                                                                                                                                                              SHA-256:2AF52A53B01EDDF5B2482B45D06B25B9740637B511A33C7A7E76FE21161938E4
                                                                                                                                                              SHA-512:3E060F338D3F5C41D302A866CD26F2C64B2571A831BD87615F914A782D6BFB94533CF3F12D955BE1A3C366AA267F931ED3EF1F13824E6EDDBEF3813D85D05883
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:MSVC program database ver 7.00, 512*59 bytes
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):30208
                                                                                                                                                              Entropy (8bit):2.6680911663808033
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:sAP7HAPuAPxAPVdyGAPuAPxAPVdAP1HnBiPB3VxVyDUZgqurMNUNUgAM+3rhf9HP:TYRyfmRysBBiP9JkUDi7G15BNUy
                                                                                                                                                              MD5:44DF11D5C722AEFA59BA8381E80AE286
                                                                                                                                                              SHA1:A9553A2F9F052F705440EC3AADD61D900267C67F
                                                                                                                                                              SHA-256:E23FB35B01D98BE265C83E28A989D8B987DA639A9EF2040E11FD6078AAA281AE
                                                                                                                                                              SHA-512:9DF33351317D494001B4A34A8F6A03082BFC969DC4DDB8944B5E6AF4563CAE110A2603B71839FAC6623F2AD22E4F4FCB3F63F5C4FC639BBAEAB8AC15CCEC4367
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):980
                                                                                                                                                              Entropy (8bit):3.2202836610787027
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:TMHd4fNGsVymhsSesrwsr6SAzofAIbKOJ9OexT:2dhmh5r5rUP4KYb
                                                                                                                                                              MD5:C9C40AF1656F8531EAA647CACEB1E436
                                                                                                                                                              SHA1:907837497508DE13D5A7E60697FC9D050E327E19
                                                                                                                                                              SHA-256:1A67F60962CA1CBF19873B62A8518EFE8C701A09CD609AF4C50ECC7F0B468BB8
                                                                                                                                                              SHA-512:0F7033686BEFA3F4ACF3ED355C1674EAA6E349FBA97E906446C8A7000BE6876F157BC015BF5D3011FBBDC2C771BCBAEA97918B8D24C064CBBD302741CC70CBC7
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8" ?>.. <configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0.30319"/>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>.. <supportedRuntime version="v2.0.50727"/>.. <supportedRuntime version="v2.0.50215"/>.. <supportedRuntime version="v1.1.4322"/>.. </startup>.. </configuration>
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):616448
                                                                                                                                                              Entropy (8bit):6.275281739120598
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:pRo3Y8U50f6Vo2PTCHrdjJkOVF4f45zX+fR1Yjd:oq0fV2rmrtJkOVF4f45zyR1Yj
                                                                                                                                                              MD5:EBED2675D27B9383EE8E58BDEDDD5DA4
                                                                                                                                                              SHA1:4DC37974DB638EC02363C784FA2C178125F4280F
                                                                                                                                                              SHA-256:CAA9DA1C55E33446EAEB783957E990847369423C7DD652F07A5C93BF1D786A66
                                                                                                                                                              SHA-512:B13538F58B766ABD013F73D398EAA4E1ADEC3FC967415BF7F95198E6F55AC65A12A0C3863708B6FB525EF4A01F0AB88485BB990527BC0E4F5159C8419811DFAB
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):197904
                                                                                                                                                              Entropy (8bit):6.576691555164326
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:QLxw5Btsb/b3xYxGI65OdtHMzBTx8j69UgoTqdzjDCnfKlRUjW01KyIEjZpjWja9:QLWkzBuGI0b8j6jomdCJjeU
                                                                                                                                                              MD5:B82B13D16E7F3D3607026F61B7295224
                                                                                                                                                              SHA1:D17B76907EA442B6CC5A79361A8FCEC91075E20D
                                                                                                                                                              SHA-256:BCC548E72B190D8F39DCB19538444E2576617A21CABA6ADCB4116511E1D2DDEE
                                                                                                                                                              SHA-512:BE8C0B8B585FC77693E7481CA5D3F57A8B213C1190782FD4700676AF9C0B671523C1A4FA58F15947A14C1FF6D4CDA65D7353C6BA848A3A247DFCDA864869E93F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):24856
                                                                                                                                                              Entropy (8bit):6.434753182905981
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:QVc6es6XbIaz7Au+g7x9ONyb8E9VFgJy0nAM+ohQBgC:aWFbD4ulz2ECy0nAMxCB
                                                                                                                                                              MD5:35CB42244B7BDC5FF2C50A6E1F878ACB
                                                                                                                                                              SHA1:DB89B326FF68EAA9CE7AA6C0638B29A5AB01D525
                                                                                                                                                              SHA-256:2AF52A53B01EDDF5B2482B45D06B25B9740637B511A33C7A7E76FE21161938E4
                                                                                                                                                              SHA-512:3E060F338D3F5C41D302A866CD26F2C64B2571A831BD87615F914A782D6BFB94533CF3F12D955BE1A3C366AA267F931ED3EF1F13824E6EDDBEF3813D85D05883
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):980
                                                                                                                                                              Entropy (8bit):3.2202836610787027
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:TMHd4fNGsVymhsSesrwsr6SAzofAIbKOJ9OexT:2dhmh5r5rUP4KYb
                                                                                                                                                              MD5:C9C40AF1656F8531EAA647CACEB1E436
                                                                                                                                                              SHA1:907837497508DE13D5A7E60697FC9D050E327E19
                                                                                                                                                              SHA-256:1A67F60962CA1CBF19873B62A8518EFE8C701A09CD609AF4C50ECC7F0B468BB8
                                                                                                                                                              SHA-512:0F7033686BEFA3F4ACF3ED355C1674EAA6E349FBA97E906446C8A7000BE6876F157BC015BF5D3011FBBDC2C771BCBAEA97918B8D24C064CBBD302741CC70CBC7
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8" ?>.. <configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0.30319"/>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>.. <supportedRuntime version="v2.0.50727"/>.. <supportedRuntime version="v2.0.50215"/>.. <supportedRuntime version="v1.1.4322"/>.. </startup>.. </configuration>
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):616448
                                                                                                                                                              Entropy (8bit):6.275281739120598
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:pRo3Y8U50f6Vo2PTCHrdjJkOVF4f45zX+fR1Yjd:oq0fV2rmrtJkOVF4f45zyR1Yj
                                                                                                                                                              MD5:EBED2675D27B9383EE8E58BDEDDD5DA4
                                                                                                                                                              SHA1:4DC37974DB638EC02363C784FA2C178125F4280F
                                                                                                                                                              SHA-256:CAA9DA1C55E33446EAEB783957E990847369423C7DD652F07A5C93BF1D786A66
                                                                                                                                                              SHA-512:B13538F58B766ABD013F73D398EAA4E1ADEC3FC967415BF7F95198E6F55AC65A12A0C3863708B6FB525EF4A01F0AB88485BB990527BC0E4F5159C8419811DFAB
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):197904
                                                                                                                                                              Entropy (8bit):6.576691555164326
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:QLxw5Btsb/b3xYxGI65OdtHMzBTx8j69UgoTqdzjDCnfKlRUjW01KyIEjZpjWja9:QLWkzBuGI0b8j6jomdCJjeU
                                                                                                                                                              MD5:B82B13D16E7F3D3607026F61B7295224
                                                                                                                                                              SHA1:D17B76907EA442B6CC5A79361A8FCEC91075E20D
                                                                                                                                                              SHA-256:BCC548E72B190D8F39DCB19538444E2576617A21CABA6ADCB4116511E1D2DDEE
                                                                                                                                                              SHA-512:BE8C0B8B585FC77693E7481CA5D3F57A8B213C1190782FD4700676AF9C0B671523C1A4FA58F15947A14C1FF6D4CDA65D7353C6BA848A3A247DFCDA864869E93F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):24856
                                                                                                                                                              Entropy (8bit):6.434753182905981
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:QVc6es6XbIaz7Au+g7x9ONyb8E9VFgJy0nAM+ohQBgC:aWFbD4ulz2ECy0nAMxCB
                                                                                                                                                              MD5:35CB42244B7BDC5FF2C50A6E1F878ACB
                                                                                                                                                              SHA1:DB89B326FF68EAA9CE7AA6C0638B29A5AB01D525
                                                                                                                                                              SHA-256:2AF52A53B01EDDF5B2482B45D06B25B9740637B511A33C7A7E76FE21161938E4
                                                                                                                                                              SHA-512:3E060F338D3F5C41D302A866CD26F2C64B2571A831BD87615F914A782D6BFB94533CF3F12D955BE1A3C366AA267F931ED3EF1F13824E6EDDBEF3813D85D05883
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:MSVC program database ver 7.00, 512*59 bytes
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):30208
                                                                                                                                                              Entropy (8bit):2.6680911663808033
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:192:sAP7HAPuAPxAPVdyGAPuAPxAPVdAP1HnBiPB3VxVyDUZgqurMNUNUgAM+3rhf9HP:TYRyfmRysBBiP9JkUDi7G15BNUy
                                                                                                                                                              MD5:44DF11D5C722AEFA59BA8381E80AE286
                                                                                                                                                              SHA1:A9553A2F9F052F705440EC3AADD61D900267C67F
                                                                                                                                                              SHA-256:E23FB35B01D98BE265C83E28A989D8B987DA639A9EF2040E11FD6078AAA281AE
                                                                                                                                                              SHA-512:9DF33351317D494001B4A34A8F6A03082BFC969DC4DDB8944B5E6AF4563CAE110A2603B71839FAC6623F2AD22E4F4FCB3F63F5C4FC639BBAEAB8AC15CCEC4367
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):980
                                                                                                                                                              Entropy (8bit):3.2202836610787027
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:TMHd4fNGsVymhsSesrwsr6SAzofAIbKOJ9OexT:2dhmh5r5rUP4KYb
                                                                                                                                                              MD5:C9C40AF1656F8531EAA647CACEB1E436
                                                                                                                                                              SHA1:907837497508DE13D5A7E60697FC9D050E327E19
                                                                                                                                                              SHA-256:1A67F60962CA1CBF19873B62A8518EFE8C701A09CD609AF4C50ECC7F0B468BB8
                                                                                                                                                              SHA-512:0F7033686BEFA3F4ACF3ED355C1674EAA6E349FBA97E906446C8A7000BE6876F157BC015BF5D3011FBBDC2C771BCBAEA97918B8D24C064CBBD302741CC70CBC7
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:<?xml version="1.0" encoding="utf-8" ?>.. <configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v4.0.30319"/>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>.. <supportedRuntime version="v2.0.50727"/>.. <supportedRuntime version="v2.0.50215"/>.. <supportedRuntime version="v1.1.4322"/>.. </startup>.. </configuration>
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):616448
                                                                                                                                                              Entropy (8bit):6.275281739120598
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12288:pRo3Y8U50f6Vo2PTCHrdjJkOVF4f45zX+fR1Yjd:oq0fV2rmrtJkOVF4f45zyR1Yj
                                                                                                                                                              MD5:EBED2675D27B9383EE8E58BDEDDD5DA4
                                                                                                                                                              SHA1:4DC37974DB638EC02363C784FA2C178125F4280F
                                                                                                                                                              SHA-256:CAA9DA1C55E33446EAEB783957E990847369423C7DD652F07A5C93BF1D786A66
                                                                                                                                                              SHA-512:B13538F58B766ABD013F73D398EAA4E1ADEC3FC967415BF7F95198E6F55AC65A12A0C3863708B6FB525EF4A01F0AB88485BB990527BC0E4F5159C8419811DFAB
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):197904
                                                                                                                                                              Entropy (8bit):6.576691555164326
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3072:QLxw5Btsb/b3xYxGI65OdtHMzBTx8j69UgoTqdzjDCnfKlRUjW01KyIEjZpjWja9:QLWkzBuGI0b8j6jomdCJjeU
                                                                                                                                                              MD5:B82B13D16E7F3D3607026F61B7295224
                                                                                                                                                              SHA1:D17B76907EA442B6CC5A79361A8FCEC91075E20D
                                                                                                                                                              SHA-256:BCC548E72B190D8F39DCB19538444E2576617A21CABA6ADCB4116511E1D2DDEE
                                                                                                                                                              SHA-512:BE8C0B8B585FC77693E7481CA5D3F57A8B213C1190782FD4700676AF9C0B671523C1A4FA58F15947A14C1FF6D4CDA65D7353C6BA848A3A247DFCDA864869E93F
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\rundll32.exe
                                                                                                                                                              File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):24856
                                                                                                                                                              Entropy (8bit):6.434753182905981
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:384:QVc6es6XbIaz7Au+g7x9ONyb8E9VFgJy0nAM+ohQBgC:aWFbD4ulz2ECy0nAMxCB
                                                                                                                                                              MD5:35CB42244B7BDC5FF2C50A6E1F878ACB
                                                                                                                                                              SHA1:DB89B326FF68EAA9CE7AA6C0638B29A5AB01D525
                                                                                                                                                              SHA-256:2AF52A53B01EDDF5B2482B45D06B25B9740637B511A33C7A7E76FE21161938E4
                                                                                                                                                              SHA-512:3E060F338D3F5C41D302A866CD26F2C64B2571A831BD87615F914A782D6BFB94533CF3F12D955BE1A3C366AA267F931ED3EF1F13824E6EDDBEF3813D85D05883
                                                                                                                                                              Malicious:false
                                                                                                                                                              Antivirus:
                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):20480
                                                                                                                                                              Entropy (8bit):1.16202174434707
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:12:JSbX72Fj8AGiLIlHVRpth/7777777777777777777777777vDHFR5+6xpSl0i8Q:JSQI5pN+sF
                                                                                                                                                              MD5:799B03F7481CC99A2269BE31F22E76C3
                                                                                                                                                              SHA1:F339B8A07757F0D1CDCC6C4554FC0429235E9982
                                                                                                                                                              SHA-256:58F241ACCFB2D32D6FC3768E85CBEA0BB09EF020B5353A04F3BE624E63BAC66B
                                                                                                                                                              SHA-512:6507DABB2260C509ADC17DEAC6CAD1E43363AEDE2F159D9434489B78A4EED19FD4F4EF9294ECC0B67294FE346753602FB685B8CE8B93B95F63E34B30355FBE06
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):20480
                                                                                                                                                              Entropy (8bit):1.6660349746809282
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:s8PhCuRc06WXJenT5WGWadYwrd/S5lFrIV2U/9/3fbxydYwrd/SIN8lQ/:DhC11nTIIImtNPdq9
                                                                                                                                                              MD5:EE115C9897CB7F50ED243A6D63944859
                                                                                                                                                              SHA1:6031C135A79833D7F3DEE05D315649C80410A44F
                                                                                                                                                              SHA-256:AF5A3FCEC8F8DBEA38C2A968E28E04AAA0442CA40BD715AFF1F9FC0917C211DF
                                                                                                                                                              SHA-512:34D0EA3D2E6F5D613499354753C08E18E7344FBEDAD691BDF87B5803DCAB0BFB05C108E62FFA24B3471C8918D2E4B8C3B78EF507184BA59F9D1648304C681840
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):285478
                                                                                                                                                              Entropy (8bit):3.121470701852555
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:X7GUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUx:r
                                                                                                                                                              MD5:B17911403313B8EC4035BF1AC1089DC1
                                                                                                                                                              SHA1:CE926A858F35611A5238A1C71DA38A92B328F836
                                                                                                                                                              SHA-256:21B0A4A7D60C8328F6987C1C9AE2773772100C08CF2123CF73C99376FFD9721C
                                                                                                                                                              SHA-512:5EEB80234BFD44ECAD026DF563A355134C18AAE1861679045B73271F07A3C6BCC8D9D5F5A289A608A4BF8D09FF9D090B43406F3748D37E3100117219146B8FEE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):364484
                                                                                                                                                              Entropy (8bit):5.365496939070379
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgau/:zTtbmkExhMJCIpEY
                                                                                                                                                              MD5:1D94036254B289C4198F5D5A369A482B
                                                                                                                                                              SHA1:6789130DD5AEA3E854C460ED9E2D966FCBFEFE3A
                                                                                                                                                              SHA-256:A437C3CFEECDF84E65CE5D5EC0B0E9939E5C4554B818B6D969B2EB1C61B7B13B
                                                                                                                                                              SHA-512:3F75AE6C2C72351B5720A838486DA13A11938030680E9BAF1118D4B671EC7F4A11BFAAAD9DA3784678382E1C2EF4126B0CFD5DCE37B0B49D001C9D8A6B862913
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):64
                                                                                                                                                              Entropy (8bit):0.34726597513537405
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:Nlll:Nll
                                                                                                                                                              MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                                                                              SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                                                                              SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                                                                              SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:@...e...........................................................
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):60
                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):60
                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):60
                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                              Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):60
                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                              Malicious:false
                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):512
                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3::
                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):32768
                                                                                                                                                              Entropy (8bit):1.326013016684798
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:+hKu8UNveFXJ9T50BqGWadYwrd/S5lFrIV2U/9/3fbxydYwrd/SIN8lQ/:GKhVTOoIImtNPdq9
                                                                                                                                                              MD5:81494432C3AE67297D3A7F125E2F790D
                                                                                                                                                              SHA1:0C75280E8BD25C97DF1C682FECE5F0A4B0BC0C91
                                                                                                                                                              SHA-256:787E0D68EB62D0BB036FCBFFA817BB42D611B1B6AF96850B2EF667234455627D
                                                                                                                                                              SHA-512:E4C470636788ADCE4039AD2E4A423F21DED3E92013500709B420D2B0115E5DC42D413C243C22F99BE30D1D4E22CB8F96FF87BBD8339B3A223F5F59C1B02C8F38
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):512
                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3::
                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):32768
                                                                                                                                                              Entropy (8bit):1.326013016684798
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:+hKu8UNveFXJ9T50BqGWadYwrd/S5lFrIV2U/9/3fbxydYwrd/SIN8lQ/:GKhVTOoIImtNPdq9
                                                                                                                                                              MD5:81494432C3AE67297D3A7F125E2F790D
                                                                                                                                                              SHA1:0C75280E8BD25C97DF1C682FECE5F0A4B0BC0C91
                                                                                                                                                              SHA-256:787E0D68EB62D0BB036FCBFFA817BB42D611B1B6AF96850B2EF667234455627D
                                                                                                                                                              SHA-512:E4C470636788ADCE4039AD2E4A423F21DED3E92013500709B420D2B0115E5DC42D413C243C22F99BE30D1D4E22CB8F96FF87BBD8339B3A223F5F59C1B02C8F38
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):20480
                                                                                                                                                              Entropy (8bit):1.6660349746809282
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:s8PhCuRc06WXJenT5WGWadYwrd/S5lFrIV2U/9/3fbxydYwrd/SIN8lQ/:DhC11nTIIImtNPdq9
                                                                                                                                                              MD5:EE115C9897CB7F50ED243A6D63944859
                                                                                                                                                              SHA1:6031C135A79833D7F3DEE05D315649C80410A44F
                                                                                                                                                              SHA-256:AF5A3FCEC8F8DBEA38C2A968E28E04AAA0442CA40BD715AFF1F9FC0917C211DF
                                                                                                                                                              SHA-512:34D0EA3D2E6F5D613499354753C08E18E7344FBEDAD691BDF87B5803DCAB0BFB05C108E62FFA24B3471C8918D2E4B8C3B78EF507184BA59F9D1648304C681840
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):69632
                                                                                                                                                              Entropy (8bit):0.18336721399602132
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:u/JN8lpdYwrd/SFdYwrd/S5lFrIV2U/9/3fbxNwG:YYmImtNPdC
                                                                                                                                                              MD5:E44641D3FF4BFF0531632C0AE06580E6
                                                                                                                                                              SHA1:F2CBE490B5A42E7F135AFA5E8691942761BB1751
                                                                                                                                                              SHA-256:0168A19CBD795131440BFDA564010050A85A2EE6CAF22BC9399AD86713EED8CB
                                                                                                                                                              SHA-512:361B8A43C96D671DD04B514EA9C1C75E9ADC257452AA289018DAF740DF8779C57EE73664B581906D4E9F1E1340BCEFB840EEB343230830ED8DAD983FFD64F29A
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):512
                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3::
                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):512
                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3::
                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):512
                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:3::
                                                                                                                                                              MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                              SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                              SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                              SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):32768
                                                                                                                                                              Entropy (8bit):1.326013016684798
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:+hKu8UNveFXJ9T50BqGWadYwrd/S5lFrIV2U/9/3fbxydYwrd/SIN8lQ/:GKhVTOoIImtNPdq9
                                                                                                                                                              MD5:81494432C3AE67297D3A7F125E2F790D
                                                                                                                                                              SHA1:0C75280E8BD25C97DF1C682FECE5F0A4B0BC0C91
                                                                                                                                                              SHA-256:787E0D68EB62D0BB036FCBFFA817BB42D611B1B6AF96850B2EF667234455627D
                                                                                                                                                              SHA-512:E4C470636788ADCE4039AD2E4A423F21DED3E92013500709B420D2B0115E5DC42D413C243C22F99BE30D1D4E22CB8F96FF87BBD8339B3A223F5F59C1B02C8F38
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):20480
                                                                                                                                                              Entropy (8bit):1.6660349746809282
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:48:s8PhCuRc06WXJenT5WGWadYwrd/S5lFrIV2U/9/3fbxydYwrd/SIN8lQ/:DhC11nTIIImtNPdq9
                                                                                                                                                              MD5:EE115C9897CB7F50ED243A6D63944859
                                                                                                                                                              SHA1:6031C135A79833D7F3DEE05D315649C80410A44F
                                                                                                                                                              SHA-256:AF5A3FCEC8F8DBEA38C2A968E28E04AAA0442CA40BD715AFF1F9FC0917C211DF
                                                                                                                                                              SHA-512:34D0EA3D2E6F5D613499354753C08E18E7344FBEDAD691BDF87B5803DCAB0BFB05C108E62FFA24B3471C8918D2E4B8C3B78EF507184BA59F9D1648304C681840
                                                                                                                                                              Malicious:false
                                                                                                                                                              Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                              File Type:data
                                                                                                                                                              Category:dropped
                                                                                                                                                              Size (bytes):32768
                                                                                                                                                              Entropy (8bit):0.06907187560132341
                                                                                                                                                              Encrypted:false
                                                                                                                                                              SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOxP5m76OhQVky6lS:2F0i8n0itFzDHFR5+6wS
                                                                                                                                                              MD5:6062F627FFA1C83BECA9E19CA251644A
                                                                                                                                                              SHA1:53DAD7E6E8FE1FBB6730D80442F377EE8B01C39B
                                                                                                                                                              SHA-256:251D8F05E9AC25CD6164284596B280731FBE44C77910BC012AA45A2A8D56F136
                                                                                                                                                              SHA-512:687212CBD21534AF837B176E8B6FCC0B6B473886045E0B90784CA6642E731EC267B612E5E93AF1169834DDAB80B5930143978FB7225B5C547CBC2273DACE28D0
                                                                                                                                                              Malicious:false
                                                                                                                                                              File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: PDQConnectAgent, Author: PDQ.com, Keywords: Installer, Comments: This installer database contains the logic and data required to install PDQConnectAgent., Template: x64;1033, Revision Number: {BBBF9B45-7132-4A74-8235-C1D5ECC6E746}, Create Time/Date: Tue Sep 17 15:34:46 2024, Last Saved Time/Date: Tue Sep 17 15:34:46 2024, Number of Pages: 200, Number of Words: 2, Name of Creating Application: WiX Toolset (5.0.0.0), Security: 2
                                                                                                                                                              Entropy (8bit):7.725154849572571
                                                                                                                                                              TrID:
                                                                                                                                                              • Microsoft Windows Installer (60509/1) 57.88%
                                                                                                                                                              • ClickyMouse macro set (36024/1) 34.46%
                                                                                                                                                              • Generic OLE2 / Multistream Compound File (8008/1) 7.66%
                                                                                                                                                              File name:Portal.msi
                                                                                                                                                              File size:4'946'944 bytes
                                                                                                                                                              MD5:9b7151e351cfbfbf8276b9a2cd8dccc2
                                                                                                                                                              SHA1:c5f1808e63a6ba22f602bab3225d8821372b8e79
                                                                                                                                                              SHA256:60b686750a697e5b2a1580e7b2932c269bf7e2231869769c2ad49546f2f8577c
                                                                                                                                                              SHA512:0dc97164e7fc1e80fea8a6fe0556b6b8d5a5fe84bad9e533ec72067a6bfcefe97ba1b7a74c69b60d81693616d75656904595ba65bd91b2eabc196a7d4d121e2b
                                                                                                                                                              SSDEEP:98304:TdPxrBOio8Pis9TsPYT5Lpl7VETqDno02:TdJrBOkispsQT5Fl7kqDh2
                                                                                                                                                              TLSH:EB36011976940CADD8E64235845EF215AE72384D273C85DA4F363CF97E2AEE0637A3C1
                                                                                                                                                              Icon Hash:2d2e3797b32b2b99
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                              Oct 7, 2024 13:23:16.565299034 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.565372944 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.565382957 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.565517902 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.565572023 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.565577030 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.565809965 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.565865993 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.565871954 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.565903902 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.565936089 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.565941095 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.565988064 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.566438913 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.566458941 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.566497087 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.566785097 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.566848040 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.566853046 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.566934109 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.566945076 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.567004919 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.567759991 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.567836046 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.567858934 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.567918062 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.567944050 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.567997932 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.568717957 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.568787098 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.568846941 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.568911076 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.569725037 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.569811106 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.569812059 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.569842100 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.569863081 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.569883108 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.570656061 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.570722103 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.570739985 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.570858002 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.652188063 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.652273893 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.652322054 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.652370930 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.652473927 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.652534008 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.652573109 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.652631998 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.652673960 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.652726889 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.652781010 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.652836084 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.652878046 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.652935982 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.652976990 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.653080940 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.653115988 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.653120995 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.653129101 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.653182030 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.653240919 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.653245926 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.653280020 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.653287888 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.653310061 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.653337002 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.653409004 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.653459072 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.653464079 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.653502941 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.653508902 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.653532028 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.653572083 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.653629065 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.653681993 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.653687000 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.653724909 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.653731108 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.653753996 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.653791904 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.656858921 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.656923056 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.656929016 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.656975985 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.656979084 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.657000065 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.657042980 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.657110929 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.657170057 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.657174110 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.657215118 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.657226086 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.657283068 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.657320023 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.657366037 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.657434940 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.657490969 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.657520056 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.657582045 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.657651901 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.657706022 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.657737017 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.657793045 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.657931089 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.657990932 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.658052921 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.658104897 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.738961935 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.738992929 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.739039898 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.739044905 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.739068031 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.739082098 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.739085913 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.739118099 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.739160061 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.739505053 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.739535093 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.739576101 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:16.739582062 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:16.739619970 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.001374006 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.001403093 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.001431942 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.001452923 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.001457930 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.001586914 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.001627922 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.001694918 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.001694918 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.001701117 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.001766920 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.001823902 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.001828909 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.001862049 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.001869917 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.001884937 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.001915932 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.001924992 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.001950979 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.001955986 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.001981974 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.002002954 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.002363920 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.002419949 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.002439022 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.002444983 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.002476931 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.002511978 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.002561092 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.002733946 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.002779961 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.002799034 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.002804041 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.002830029 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.043325901 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.086576939 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.086687088 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.086694002 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.086714029 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.086756945 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.086769104 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.086793900 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.086821079 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.086982012 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.087030888 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.087050915 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.087057114 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.087105036 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.087183952 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.087243080 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.087299109 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.087354898 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.087640047 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.087682009 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.087703943 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.087708950 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.087743044 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.088114977 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.088160992 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.088175058 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.088185072 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.088221073 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.088280916 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.088346004 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.088351011 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.088399887 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.088485956 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.088530064 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.088547945 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.088553905 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.088582039 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.088619947 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.088639021 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.088644028 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.088686943 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.088707924 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.088711977 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.088769913 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.088819027 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.088824987 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.088862896 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.088874102 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.088898897 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.088943005 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.088969946 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.088973999 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.137073994 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.173697948 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.173763990 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.173851967 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.173868895 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.173917055 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.173927069 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.173980951 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.173988104 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.174076080 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.174128056 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.174138069 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.174161911 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.174196005 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.174288988 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.174329996 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.174351931 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.174357891 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.174400091 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.174464941 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.174521923 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.174618006 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.174690962 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.174696922 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.174761057 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.174801111 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.174819946 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.174832106 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.174865007 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.174995899 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.175075054 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.175103903 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.175110102 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.175121069 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.175144911 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.175159931 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.175215960 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.437097073 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.437103033 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.437113047 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.437144041 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.437172890 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.736057043 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.736120939 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.736186981 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.736200094 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.736219883 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.736233950 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.736258984 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.736279011 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.736279011 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.736283064 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.736295938 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.736314058 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.736319065 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.736342907 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.736362934 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.736368895 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.736397982 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.736454010 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.736500978 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.736665964 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.736694098 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.736723900 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.736726999 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.736748934 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.736808062 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.736859083 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.736865044 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.737452984 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.737471104 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.737544060 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.737548113 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.737562895 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.737616062 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.737662077 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.737689972 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.737746000 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.737746000 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.737746000 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.737746000 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.737746000 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.737746000 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.737746954 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.737771988 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.737807035 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.737807035 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.737924099 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.738383055 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.738404036 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.738447905 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.738456011 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:17.738471985 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.738523006 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.740885973 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:17.740904093 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.171705961 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.171879053 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.171953917 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.171953917 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.171992064 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.172066927 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.172162056 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.172267914 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.172285080 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.172292948 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.172322989 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.172334909 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.172683954 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.172753096 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.172807932 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.172863007 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.172899961 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.172959089 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.172964096 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.173008919 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.173367977 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.173417091 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.173445940 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.173451900 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.173481941 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.173634052 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.173716068 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.173723936 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.173767090 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.173890114 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.173938036 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.173964024 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.173969030 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.174000025 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.174017906 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.174057961 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.174109936 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.174171925 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.174231052 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.174292088 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.174371958 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.174376965 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.174427032 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.174576998 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.174621105 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.174638987 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.174644947 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.174669027 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.174770117 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.174818993 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.174835920 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.174850941 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.174884081 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.174961090 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.175002098 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.175020933 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.175030947 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.175080061 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.175096989 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.175158024 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.175494909 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.175542116 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.175570011 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.175575972 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.195081949 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.195107937 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.195158958 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.195169926 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.195194960 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.195214987 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.195224047 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.195233107 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.195276022 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.195287943 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.195303917 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.195348024 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.195353985 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.195668936 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.195688009 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.195728064 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.195734978 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.195761919 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.195796967 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.195868969 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.195930958 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.195939064 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.196297884 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.196316004 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.196355104 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.196361065 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.196394920 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.196403980 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.196429014 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.196454048 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.196460009 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.196507931 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.196533918 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.196566105 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.196572065 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.196585894 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.196626902 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.196641922 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.196647882 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.196690083 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.196698904 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.196739912 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.197151899 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.197171926 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.197217941 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.197223902 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.197247028 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.197266102 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.197324991 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.197384119 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.197388887 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.197422028 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.197438002 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.197444916 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.197463036 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.197463989 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.197489977 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.197489977 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.197510004 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.197524071 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.197556973 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.197896004 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.197918892 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.197956085 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.197963953 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.197971106 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.197985888 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.198005915 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.198029041 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.198039055 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.198069096 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.198097944 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.198105097 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.198137045 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.198170900 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.198206902 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.198209047 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.198219061 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.198220015 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.198256969 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.198283911 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.198856115 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.198879957 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.198925972 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.198931932 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.198950052 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.198985100 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.199054003 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.199074030 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.199107885 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.199115992 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.199127913 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.199158907 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.223716974 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.223742962 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.223802090 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.223808050 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.223875046 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.223881006 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.223893881 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.223897934 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.223936081 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.223942995 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.224013090 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.282310963 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.282363892 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.282426119 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.282434940 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.282469034 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.282622099 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.282622099 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.282660007 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.282712936 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.282805920 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.282850027 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.282870054 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.282877922 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.282907963 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.282929897 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.282952070 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.283009052 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.283015966 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.283102036 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.571810961 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.571847916 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.571847916 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.571860075 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.571892977 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.571894884 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.571929932 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.571955919 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.630103111 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.630125999 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.630218029 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.630295992 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.630343914 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.630343914 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.630383968 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.630424976 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.631654978 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.631673098 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.631730080 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.631743908 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.631987095 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.632009983 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.632050991 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.632056952 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.632086992 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.632256031 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.632272959 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.632308960 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.632316113 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.632330894 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.632519007 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.632541895 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.632575989 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.632584095 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.632597923 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.658442974 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.658488989 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.658557892 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.658648014 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.658648014 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.658648014 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.658689976 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.658714056 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.658768892 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.658777952 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.658796072 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.658832073 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.699601889 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.716960907 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.716973066 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.717010975 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.717027903 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.717104912 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:23:18.717247009 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.717247009 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.717735052 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.717735052 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.717864990 CEST49706443192.168.2.5162.159.140.238
                                                                                                                                                              Oct 7, 2024 13:23:18.717889071 CEST44349706162.159.140.238192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:14.998811007 CEST49979443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:14.998913050 CEST44349979104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:14.999012947 CEST49979443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:14.999432087 CEST49979443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:14.999470949 CEST44349979104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:15.477472067 CEST44349979104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:15.477658033 CEST49979443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:15.479542971 CEST49979443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:15.479561090 CEST44349979104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:15.479890108 CEST44349979104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:15.528487921 CEST49979443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:15.579468966 CEST49979443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:15.627405882 CEST44349979104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:15.773329973 CEST44349979104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:15.773399115 CEST44349979104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:15.773487091 CEST49979443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:15.773983002 CEST49979443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:15.774013042 CEST44349979104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:15.774092913 CEST49979443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:15.774099112 CEST44349979104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:15.849713087 CEST49980443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:15.849771023 CEST44349980104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:15.849967957 CEST49980443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:15.850439072 CEST49980443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:15.850455046 CEST44349980104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:16.337268114 CEST44349980104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:16.337426901 CEST49980443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:16.339418888 CEST49980443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:16.339430094 CEST44349980104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:16.339749098 CEST44349980104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:16.340641022 CEST49980443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:16.383414030 CEST44349980104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:16.556026936 CEST44349980104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:16.556107998 CEST44349980104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:16.556207895 CEST49980443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:16.556658030 CEST49980443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:16.556684017 CEST44349980104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:16.558625937 CEST49981443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:16.558671951 CEST44349981104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:16.558749914 CEST49981443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:16.559084892 CEST49981443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:16.559099913 CEST44349981104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:17.016330004 CEST44349981104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:17.016472101 CEST49981443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:17.233083010 CEST49981443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:17.233161926 CEST44349981104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:17.233596087 CEST44349981104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:17.234458923 CEST49981443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:17.275412083 CEST44349981104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:17.375791073 CEST44349981104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:17.375874043 CEST44349981104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:17.375932932 CEST49981443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:17.376400948 CEST49981443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:17.376424074 CEST44349981104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:17.377928019 CEST49982443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:17.377954006 CEST44349982104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:17.378019094 CEST49982443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:17.378432989 CEST49982443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:17.378443956 CEST44349982104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:17.856695890 CEST44349982104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:17.856827974 CEST49982443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:17.858670950 CEST49982443192.168.2.5104.16.77.47
                                                                                                                                                              Oct 7, 2024 13:24:17.858685017 CEST44349982104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:17.859009981 CEST44349982104.16.77.47192.168.2.5
                                                                                                                                                              Oct 7, 2024 13:24:17.859551907 CEST49982443192.168.2.5104.16.77.47
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 7, 2024 13:23:14.491908073 CEST | 64157 | 53 | 192.168.2.5 | 1.1.1.1
Oct 7, 2024 13:23:14.499655008 CEST | 53 | 64157 | 1.1.1.1 | 192.168.2.5
Oct 7, 2024 13:23:15.617052078 CEST | 64253 | 53 | 192.168.2.5 | 1.1.1.1
Oct 7, 2024 13:23:15.627840996 CEST | 53 | 64253 | 1.1.1.1 | 192.168.2.5
Oct 7, 2024 13:24:14.987552881 CEST | 60097 | 53 | 192.168.2.5 | 1.1.1.1
Oct 7, 2024 13:24:14.997832060 CEST | 53 | 60097 | 1.1.1.1 | 192.168.2.5
Oct 7, 2024 13:24:18.059039116 CEST | 63230 | 53 | 192.168.2.5 | 1.1.1.1
Oct 7, 2024 13:24:18.068924904 CEST | 53 | 63230 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 7, 2024 13:23:14.491908073 CEST | 192.168.2.5 | 1.1.1.1 | 0xdb78 | Standard query (0) | app.pdq.com | A (IP address) | IN (0x0001) | false
Oct 7, 2024 13:23:15.617052078 CEST | 192.168.2.5 | 1.1.1.1 | 0x6538 | Standard query (0) | pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com | A (IP address) | IN (0x0001) | false
Oct 7, 2024 13:24:14.987552881 CEST | 192.168.2.5 | 1.1.1.1 | 0xb1ee | Standard query (0) | app.pdq.com | A (IP address) | IN (0x0001) | false
Oct 7, 2024 13:24:18.059039116 CEST | 192.168.2.5 | 1.1.1.1 | 0xf2a1 | Standard query (0) | websocket.app.pdq.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 7, 2024 13:23:14.499655008 CEST | 1.1.1.1 | 192.168.2.5 | 0xdb78 | No error (0) | app.pdq.com | | 104.16.77.47 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 13:23:14.499655008 CEST | 1.1.1.1 | 192.168.2.5 | 0xdb78 | No error (0) | app.pdq.com | | 104.16.78.47 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 13:23:15.627840996 CEST | 1.1.1.1 | 192.168.2.5 | 0x6538 | No error (0) | pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com | | 162.159.140.238 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 13:23:15.627840996 CEST | 1.1.1.1 | 192.168.2.5 | 0x6538 | No error (0) | pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com | | 172.66.0.236 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 13:24:14.997832060 CEST | 1.1.1.1 | 192.168.2.5 | 0xb1ee | No error (0) | app.pdq.com | | 104.16.77.47 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 13:24:14.997832060 CEST | 1.1.1.1 | 192.168.2.5 | 0xb1ee | No error (0) | app.pdq.com | | 104.16.78.47 | A (IP address) | IN (0x0001) | false
Oct 7, 2024 13:24:18.068924904 CEST | 1.1.1.1 | 192.168.2.5 | 0xf2a1 | No error (0) | websocket.app.pdq.com | | 34.128.163.126 | A (IP address) | IN (0x0001) | false
                                                                                                                                                              • app.pdq.com
                                                                                                                                                              • pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com
                                                                                                                                                              • websocket.app.pdq.com:443
Session ID: 0 | Source IP: 192.168.2.5 | Source Port: 49705 | Destination IP: 104.16.77.47 | Destination Port: 443 | PID: 2820 | Process: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 11:23:15 UTC | 138 | OUT | GET /v1/devices/release-channels/stable/manifest.json HTTP/1.1
                                                                                                                                                              x-pdq-key-ids: ask_b357915753b14d77946
                                                                                                                                                              accept: */*
                                                                                                                                                              host: app.pdq.com
2024-10-07 11:23:15 UTC | 858 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Date: Mon, 07 Oct 2024 11:23:15 GMT
                                                                                                                                                              Content-Type: application/json; charset=utf-8
                                                                                                                                                              Content-Length: 1065
                                                                                                                                                              Connection: close
                                                                                                                                                              authorization: PDQ-ED25519-SHA512 Credential=ask_b357915753b14d77946/houston/v1, SignedHeaders=cache-control;content-type;x-pdq-date;x-request-id, Signature=c0d1d66bed3e5ddad573d0ea051e80fc4d124d949d67eec9875123fa74e14405f8299c09f1ebdc1f1b86223e7d3393e284a9a32730443d0b17b1d76674d3e909
                                                                                                                                                              Cache-Control: max-age=0, private, must-revalidate
                                                                                                                                                              x-pdq-date: 20241007T112315Z
                                                                                                                                                              x-request-id: F_wn3vAA52JWbp0TqJQE
                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                              expect-ct: max-age=86400, enforce
                                                                                                                                                              referrer-policy: same-origin
                                                                                                                                                              x-content-type-options: nosniff
                                                                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                                                                              x-xss-protection: 1; mode=block
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 8ced849d4ad78c54-EWR
2024-10-07 11:23:15 UTC | 511 | IN | Data Ascii: {"sha256":"5D6599BB1988AF9E14DAAA5569CFD3246E54C7B2B01892011F77853DFCFCEB7A","updater_sha256":"BC85800BB8773203C9C750BE1EBF08B79B692EF769F7CD97D9C65028E127C033","updater_url":"https://pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com
2024-10-07 11:23:15 UTC | 554 | IN | Data Ascii: st&X-Amz-Signature=f31523c676157dae877ac7e0885208001b440e0d5aa6f5aa61caec4e0e6d395b","updater_version":"0.3.0","url":"https://pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com/connect-agent/PDQConnectAgent-5.5.1.msi?x-amz-acl=private


Session ID: 1 | Source IP: 192.168.2.5 | Source Port: 49706 | Destination IP: 162.159.140.238 | Destination Port: 443 | PID: 2820 | Process: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 11:23:16 UTC | 477 | OUT | GET /connect-agent/PDQConnectUpdater-0.3.0.msi?x-amz-acl=private&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=796077fae8f70edb91a7fc855e7e36ea%2F20241007%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241007T112315Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=f31523c676157dae877ac7e0885208001b440e0d5aa6f5aa61caec4e0e6d395b HTTP/1.1
                                                                                                                                                              accept: */*
                                                                                                                                                              user-agent: PDQ rover 5.5.1
                                                                                                                                                              host: pdqinstallers.e9d69694c3d8f7465fd531512c22bd0f.r2.cloudflarestorage.com
2024-10-07 11:23:16 UTC | 300 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Date: Mon, 07 Oct 2024 11:23:16 GMT
                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                              Content-Length: 3112960
                                                                                                                                                              Connection: close
                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                              ETag: "1bf1cb4939da999879ef545276b25867"
                                                                                                                                                              Last-Modified: Mon, 26 Aug 2024 15:01:06 GMT
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 8ced84a2192243aa-EWR


Session ID: 2 | Source IP: 192.168.2.5 | Source Port: 49979 | Destination IP: 104.16.77.47 | Destination Port: 443 | PID: 2820 | Process: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 11:24:15 UTC | 169 | OUT | POST /v1/devices/register HTTP/1.1
                                                                                                                                                              content-type: application/x-www-form-urlencoded
                                                                                                                                                              accept: */*
                                                                                                                                                              user-agent: PDQ rover 5.5.1
                                                                                                                                                              host: app.pdq.com
                                                                                                                                                              content-length: 506
2024-10-07 11:24:15 UTC | 506 | OUT | Data Ascii: token=iy7lw-ocuuvtryodew48rknn6rgxdq3abra8zpq8xlloyjpcu08ufwse-po2kjjmxwu8vejct0ghwg7p-hpotw&deviceId=dvc_cf03d73e6c6b34abc8bc8409f8ee13c1&machineId=9e146be9-c76a-4720-bcdb-53011b87bd06&manufacturer=LC8O5Eha3LVcwPV&model=WfGa5XHv&name=609290&os=windows&os
2024-10-07 11:24:15 UTC | 480 | IN | HTTP/1.1 204 No Content
                                                                                                                                                              Date: Mon, 07 Oct 2024 11:24:15 GMT
                                                                                                                                                              Connection: close
                                                                                                                                                              Cache-Control: max-age=0, private, must-revalidate
                                                                                                                                                              x-request-id: F_wn7PSq-I52RpoYA_cC
                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                              expect-ct: max-age=86400, enforce
                                                                                                                                                              referrer-policy: same-origin
                                                                                                                                                              x-content-type-options: nosniff
                                                                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                                                                              x-xss-protection: 1; mode=block
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 8ced8615b8ea4268-EWR


Session ID: 3 | Source IP: 192.168.2.5 | Source Port: 49980 | Destination IP: 104.16.77.47 | Destination Port: 443 | PID: 2820 | Process: C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 11:24:16 UTC | 174 | OUT | POST /v1/devices/auth-challenge HTTP/1.1
                                                                                                                                                              content-type: application/x-www-form-urlencoded
                                                                                                                                                              accept: */*
                                                                                                                                                              user-agent: PDQ rover 5.5.1
                                                                                                                                                              host: app.pdq.com
                                                                                                                                                              content-length: 46
2024-10-07 11:24:16 UTC | 46 | OUT | Data Ascii: device_id=dvc_cf03d73e6c6b34abc8bc8409f8ee13c1
2024-10-07 11:24:16 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Date: Mon, 07 Oct 2024 11:24:16 GMT
                                                                                                                                                              Content-Type: application/json; charset=utf-8
                                                                                                                                                              Content-Length: 366
                                                                                                                                                              Connection: close
                                                                                                                                                              Cache-Control: max-age=0, private, must-revalidate
                                                                                                                                                              x-request-id: F_wn7SVWxDCGg4sU_M-E
                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                              expect-ct: max-age=86400, enforce
                                                                                                                                                              referrer-policy: same-origin
                                                                                                                                                              x-content-type-options: nosniff
                                                                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                                                                              x-xss-protection: 1; mode=block
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 8ced861aac9817b9-EWR
2024-10-07 11:24:16 UTC | 366 | IN
                                                                                                                                                              Data Ascii: {"challenge":"C52EB4DF795634C20BFA2AD0959F4C43C1D8B9E14A6A78D699B544491F0F2E91","challengeToken":"SFMyNTY.g2gDdAAAAAJtAAAACWNoYWxsZW5nZW0AAABAQzUyRUI0REY3OTU2MzRDMjBCRkEyQUQwOTU5RjRDNDNDMUQ4QjlFMTRBNkE3OEQ2OTlCNTQ0NDkxRjBGMkU5MW0AAAAJZGV2aWNlX2lkbQAAACRkd


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49981 | 104.16.77.47 | 443 | 2820 | C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 11:24:17 UTC | 174 | OUT | POST /v1/devices/auth-challenge HTTP/1.1
                                                                                                                                                              content-type: application/x-www-form-urlencoded
                                                                                                                                                              accept: */*
                                                                                                                                                              user-agent: PDQ rover 5.5.1
                                                                                                                                                              host: app.pdq.com
                                                                                                                                                              content-length: 46
2024-10-07 11:24:17 UTC | 46 | OUT
                                                                                                                                                              Data Ascii: device_id=dvc_cf03d73e6c6b34abc8bc8409f8ee13c1
2024-10-07 11:24:17 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Date: Mon, 07 Oct 2024 11:24:17 GMT
                                                                                                                                                              Content-Type: application/json; charset=utf-8
                                                                                                                                                              Content-Length: 366
                                                                                                                                                              Connection: close
                                                                                                                                                              Cache-Control: max-age=0, private, must-revalidate
                                                                                                                                                              x-request-id: F_wn7VarZPVBDUUR96EE
                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                              expect-ct: max-age=86400, enforce
                                                                                                                                                              referrer-policy: same-origin
                                                                                                                                                              x-content-type-options: nosniff
                                                                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                                                                              x-xss-protection: 1; mode=block
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 8ced86200da2c46b-EWR
2024-10-07 11:24:17 UTC | 366 | IN
                                                                                                                                                              Data Ascii: {"challenge":"389F0820F67E3EA1099C399AD2D162162FB3BE957694C57B115E89D38EBAA439","challengeToken":"SFMyNTY.g2gDdAAAAAJtAAAACWNoYWxsZW5nZW0AAABAMzg5RjA4MjBGNjdFM0VBMTA5OUMzOTlBRDJEMTYyMTYyRkIzQkU5NTc2OTRDNTdCMTE1RTg5RDM4RUJBQTQzOW0AAAAJZGV2aWNlX2lkbQAAACRkd


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49982 | 104.16.77.47 | 443 | 2820 | C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 11:24:17 UTC | 590 | OUT | GET /v1/devices/auth-token HTTP/1.1
                                                                                                                                                              x-auth-challenge-token: SFMyNTY.g2gDdAAAAAJtAAAACWNoYWxsZW5nZW0AAABAMzg5RjA4MjBGNjdFM0VBMTA5OUMzOTlBRDJEMTYyMTYyRkIzQkU5NTc2OTRDNTdCMTE1RTg5RDM4RUJBQTQzOW0AAAAJZGV2aWNlX2lkbQAAACRkdmNfY2YwM2Q3M2U2YzZiMzRhYmM4YmM4NDA5ZjhlZTEzYzFuBgAmELlmkgFiAAFRgA.0N7Tx4Q3ZMAtN3sW2qv5UDSW0FoEj2ZGZHcGWmb0grg
                                                                                                                                                              x-auth-challenge-signature: e6a90cc078d79ed01b1fc84f362f845ee9f81a3ba45eb84ce770ba2116d302b212066e7a9f8d46e8584eb548b6664e3a8536dc5fa4b5498bde7ef482b7ac8b0e
                                                                                                                                                              x-pdq-key-ids: ask_b357915753b14d77946
                                                                                                                                                              user-agent: PDQ rover 5.5.1
                                                                                                                                                              accept: */*
                                                                                                                                                              host: app.pdq.com
2024-10-07 11:24:18 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Date: Mon, 07 Oct 2024 11:24:18 GMT
                                                                                                                                                              Content-Type: application/json; charset=utf-8
                                                                                                                                                              Content-Length: 680
                                                                                                                                                              Connection: close
                                                                                                                                                              Cache-Control: max-age=0, private, must-revalidate
                                                                                                                                                              x-request-id: F_wn7X7w9mNW5tsXHHoB
                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                              expect-ct: max-age=86400, enforce
                                                                                                                                                              referrer-policy: same-origin
                                                                                                                                                              x-content-type-options: nosniff
                                                                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                                                                              x-xss-protection: 1; mode=block
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 8ced862408f780d6-EWR
2024-10-07 11:24:18 UTC | 680 | IN
                                                                                                                                                              Data Ascii: {"token":"eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ3ZWJzb2NrZXQtcHJveHkiLCJleHAiOjE3MjgzODY2NTcsImlhdCI6MTcyODMwMDI1NywiaXNzIjoiaG91c3RvbiIsImp0aSI6ImE5ZTFmOTk2LWJmNTctNDYyNS05ODFiLTMxZmY0MGJhYzNjMSIsIm5iZiI6MTcyODMwMDI1Niwib3JnYW5pemF0aW9uX2lkIjoi


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49983 | 34.128.163.126 | 443 | 2820 | C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 11:24:18 UTC | 1476 | OUT | GET /v1/devices/socket/websocket?device_id=dvc_cf03d73e6c6b34abc8bc8409f8ee13c1 HTTP/1.1
                                                                                                                                                              Host: websocket.app.pdq.com:443
                                                                                                                                                              Connection: Upgrade
                                                                                                                                                              Upgrade: websocket
                                                                                                                                                              Sec-WebSocket-Version: 13
                                                                                                                                                              Sec-WebSocket-Key: Y51N629PzzcrK6X5pi/hjw==
                                                                                                                                                              authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.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.9jIZgmMdtqhybhcDBSjUQj3MYa4u-ZX6HMfrB6_z69-3pRp96sUHLjF_yxTI8pdFPo7FG94zj_c_aI_MnC3d1g
                                                                                                                                                              user-agent: PDQ rover 5.5.1
                                                                                                                                                              x-release-channel: stable
                                                                                                                                                              x-pdq-key-ids: ask_b357915753b14d77946
                                                                                                                                                              x-auth-challenge-signature: ee49145b1d2b5e47bf857979fcf774a05e4a7e71b666967be326b4301b4e76cef36a3d23a6939399fd30da44a41d1f58b7318e8973c1ccef6904bb5970aeeb07
                                                                                                                                                              x-auth-challenge-token: SFMyNTY.g2gDdAAAAAJtAAAACWNoYWxsZW5nZW0AAABAQzUyRUI0REY3OTU2MzRDMjBCRkEyQUQwOTU5RjRDNDNDMUQ4QjlFMTRBNkE3OEQ2OTlCNTQ0NDkxRjBGMkU5MW0AAAAJZGV2aWNlX2lkbQAAACRkdmNfY2YwM2Q3M2U2YzZiMzRhYmM4YmM4NDA5ZjhlZTEzYzFuBgDqDLlmkgFiAAFRgA.x2B6_ZNfIuTbwFxOAkYQI72pPlYOpgciPlJr_2WwsrM
2024-10-07 11:24:18 UTC | 246 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                              cache-control: max-age=0, private, must-revalidate
                                                                                                                                                              Content-Length: 50
                                                                                                                                                              date: Mon, 07 Oct 2024 11:24:17 GMT
                                                                                                                                                              server: Cowboy
                                                                                                                                                              via: 1.1 google
                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                              Connection: close
2024-10-07 11:24:18 UTC | 50 | IN
                                                                                                                                                              Data Ascii: 'connection' header must contain 'upgrade', got []


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49984 | 104.16.77.47 | 443 | 2820 | C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 11:24:41 UTC | 174 | OUT | POST /v1/devices/auth-challenge HTTP/1.1
                                                                                                                                                              content-type: application/x-www-form-urlencoded
                                                                                                                                                              accept: */*
                                                                                                                                                              user-agent: PDQ rover 5.5.1
                                                                                                                                                              host: app.pdq.com
                                                                                                                                                              content-length: 46
2024-10-07 11:24:41 UTC | 46 | OUT
                                                                                                                                                              Data Ascii: device_id=dvc_cf03d73e6c6b34abc8bc8409f8ee13c1
2024-10-07 11:24:41 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Date: Mon, 07 Oct 2024 11:24:41 GMT
                                                                                                                                                              Content-Type: application/json; charset=utf-8
                                                                                                                                                              Content-Length: 366
                                                                                                                                                              Connection: close
                                                                                                                                                              Cache-Control: max-age=0, private, must-revalidate
                                                                                                                                                              x-request-id: F_wn8wzAbUedfvIW1wSC
                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                              expect-ct: max-age=86400, enforce
                                                                                                                                                              referrer-policy: same-origin
                                                                                                                                                              x-content-type-options: nosniff
                                                                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                                                                              x-xss-protection: 1; mode=block
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 8ced86b95f4143ac-EWR
2024-10-07 11:24:41 UTC | 366 | IN
                                                                                                                                                              Data Ascii: {"challenge":"42AB4753299CA973937EDD9E61F7EE82AA0DADF1A706E0F2CC75684E553B89A6","challengeToken":"SFMyNTY.g2gDdAAAAAJtAAAACWNoYWxsZW5nZW0AAABANDJBQjQ3NTMyOTlDQTk3MzkzN0VERDlFNjFGN0VFODJBQTBEQURGMUE3MDZFMEYyQ0M3NTY4NEU1NTNCODlBNm0AAAAJZGV2aWNlX2lkbQAAACRkd


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49985 | 34.128.163.126 | 443 | 2820 | C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 11:24:42 UTC | 1476 | OUT | GET /v1/devices/socket/websocket?device_id=dvc_cf03d73e6c6b34abc8bc8409f8ee13c1 HTTP/1.1
                                                                                                                                                              Host: websocket.app.pdq.com:443
                                                                                                                                                              Connection: Upgrade
                                                                                                                                                              Upgrade: websocket
                                                                                                                                                              Sec-WebSocket-Version: 13
                                                                                                                                                              Sec-WebSocket-Key: WQSStiWAvRInix3U0Ars5w==
                                                                                                                                                              authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.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.9jIZgmMdtqhybhcDBSjUQj3MYa4u-ZX6HMfrB6_z69-3pRp96sUHLjF_yxTI8pdFPo7FG94zj_c_aI_MnC3d1g
                                                                                                                                                              user-agent: PDQ rover 5.5.1
                                                                                                                                                              x-release-channel: stable
                                                                                                                                                              x-pdq-key-ids: ask_b357915753b14d77946
                                                                                                                                                              x-auth-challenge-signature: c5433f7a1d7c0b92e1608a9a5079b711cde242ba83c0900bd5182a7e782fc580cf9aa602cbed775140fe8572f130294a5909216fbb59016b86283d192b98a307
                                                                                                                                                              x-auth-challenge-token: SFMyNTY.g2gDdAAAAAJtAAAACWNoYWxsZW5nZW0AAABANDJBQjQ3NTMyOTlDQTk3MzkzN0VERDlFNjFGN0VFODJBQTBEQURGMUE3MDZFMEYyQ0M3NTY4NEU1NTNCODlBNm0AAAAJZGV2aWNlX2lkbQAAACRkdmNfY2YwM2Q3M2U2YzZiMzRhYmM4YmM4NDA5ZjhlZTEzYzFuBgD4b7lmkgFiAAFRgA.DbY-vbpJIjwkCjvmwoTRamTeuIQOT-xB5uFNjDG0Yr8
2024-10-07 11:24:42 UTC | 246 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                              cache-control: max-age=0, private, must-revalidate
                                                                                                                                                              Content-Length: 50
                                                                                                                                                              date: Mon, 07 Oct 2024 11:24:41 GMT
                                                                                                                                                              server: Cowboy
                                                                                                                                                              via: 1.1 google
                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                              Connection: close
2024-10-07 11:24:42 UTC | 50 | IN | Data Raw: 27 63 6f 6e 6e 65 63 74 69 6f 6e 27 20 68 65 61 64 65 72 20 6d 75 73 74 20 63 6f 6e 74 61 69 6e 20 27 75 70 67 72 61 64 65 27 2c 20 67 6f 74 20 5b 5d
                                                                                                                                                              Data Ascii: 'connection' header must contain 'upgrade', got []


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49986 | 104.16.77.47 | 443 | 2820 | C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 11:24:50 UTC | 174 | OUT | POST /v1/devices/auth-challenge HTTP/1.1
                                                                                                                                                              content-type: application/x-www-form-urlencoded
                                                                                                                                                              accept: */*
                                                                                                                                                              user-agent: PDQ rover 5.5.1
                                                                                                                                                              host: app.pdq.com
                                                                                                                                                              content-length: 46
2024-10-07 11:24:50 UTC | 46 | OUT | Data Raw: 64 65 76 69 63 65 5f 69 64 3d 64 76 63 5f 63 66 30 33 64 37 33 65 36 63 36 62 33 34 61 62 63 38 62 63 38 34 30 39 66 38 65 65 31 33 63 31
                                                                                                                                                              Data Ascii: device_id=dvc_cf03d73e6c6b34abc8bc8409f8ee13c1
2024-10-07 11:24:50 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Date: Mon, 07 Oct 2024 11:24:50 GMT
                                                                                                                                                              Content-Type: application/json; charset=utf-8
                                                                                                                                                              Content-Length: 366
                                                                                                                                                              Connection: close
                                                                                                                                                              Cache-Control: max-age=0, private, must-revalidate
                                                                                                                                                              x-request-id: F_wn9Q8Oak8WBdkVbJQD
                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                              expect-ct: max-age=86400, enforce
                                                                                                                                                              referrer-policy: same-origin
                                                                                                                                                              x-content-type-options: nosniff
                                                                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                                                                              x-xss-protection: 1; mode=block
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 8ced86ef4cde4283-EWR
2024-10-07 11:24:50 UTC | 366 | IN
                                                                                                                                                              Data Ascii: {"challenge":"50EE8DEF8F0B8C7244CEEFD371F542C3AF79B1A880E8C34676AD641F3596AB6D","challengeToken":"SFMyNTY.g2gDdAAAAAJtAAAACWNoYWxsZW5nZW0AAABANTBFRThERUY4RjBCOEM3MjQ0Q0VFRkQzNzFGNTQyQzNBRjc5QjFBODgwRThDMzQ2NzZBRDY0MUYzNTk2QUI2RG0AAAAJZGV2aWNlX2lkbQAAACRkd


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49987 | 34.128.163.126 | 443 | 2820 | C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 11:24:50 UTC | 1476 | OUT | GET /v1/devices/socket/websocket?device_id=dvc_cf03d73e6c6b34abc8bc8409f8ee13c1 HTTP/1.1
                                                                                                                                                              Host: websocket.app.pdq.com:443
                                                                                                                                                              Connection: Upgrade
                                                                                                                                                              Upgrade: websocket
                                                                                                                                                              Sec-WebSocket-Version: 13
                                                                                                                                                              Sec-WebSocket-Key: WjfvLqi3SZVqZ6DHtBWwKA==
                                                                                                                                                              authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ3ZWJzb2NrZXQtcHJveHkiLCJleHAiOjE3MjgzODY2NTcsImlhdCI6MTcyODMwMDI1NywiaXNzIjoiaG91c3RvbiIsImp0aSI6ImE5ZTFmOTk2LWJmNTctNDYyNS05ODFiLTMxZmY0MGJhYzNjMSIsIm5iZiI6MTcyODMwMDI1Niwib3JnYW5pemF0aW9uX2lkIjoib3JnXzNiZWMwOTAwN2MzYjQ0OThiYzYiLCJwdWJsaWNfa2V5IjoiTFMwdExTMUNSVWRKVGlCUVZVSk1TVU1nUzBWWkxTMHRMUzBLVFVOdmQwSlJXVVJMTWxaM1FYbEZRVE53WkZsdWJ6TkRSWEZTYjBZNGNuY3ZZbVI0UlRWUVVFbEVTbUUwYm1KTFJWVlpiMmxPUVdSbFVsazlDaTB0TFMwdFJVNUVJRkJWUWt4SlF5QkxSVmt0TFMwdExRbyIsInN1YiI6ImR2Y19jZjAzZDczZTZjNmIzNGFiYzhiYzg0MDlmOGVlMTNjMSIsInR5cCI6ImFjY2VzcyJ9.9jIZgmMdtqhybhcDBSjUQj3MYa4u-ZX6HMfrB6_z69-3pRp96sUHLjF_yxTI8pdFPo7FG94zj_c_aI_MnC3d1g
                                                                                                                                                              user-agent: PDQ rover 5.5.1
                                                                                                                                                              x-release-channel: stable
                                                                                                                                                              x-pdq-key-ids: ask_b357915753b14d77946
                                                                                                                                                              x-auth-challenge-signature: 1e0fdd3ef412c9592046f0516d35b922e4894713790dec894bad8823daef1083549c681334805ac0ea09423086c910526f098524bd24763adafa373211ff1002
                                                                                                                                                              x-auth-challenge-token: SFMyNTY.g2gDdAAAAAJtAAAACWNoYWxsZW5nZW0AAABANTBFRThERUY4RjBCOEM3MjQ0Q0VFRkQzNzFGNTQyQzNBRjc5QjFBODgwRThDMzQ2NzZBRDY0MUYzNTk2QUI2RG0AAAAJZGV2aWNlX2lkbQAAACRkdmNfY2YwM2Q3M2U2YzZiMzRhYmM4YmM4NDA5ZjhlZTEzYzFuBgCskblmkgFiAAFRgA.FcvW4ooNiqZsJy5Pt2NyFNKMar8EzPcCeIkqRiTZDOU
2024-10-07 11:24:51 UTC | 246 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                              cache-control: max-age=0, private, must-revalidate
                                                                                                                                                              Content-Length: 50
                                                                                                                                                              date: Mon, 07 Oct 2024 11:24:50 GMT
                                                                                                                                                              server: Cowboy
                                                                                                                                                              via: 1.1 google
                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                              Connection: close
2024-10-07 11:24:51 UTC | 50 | IN | Data Raw: 27 63 6f 6e 6e 65 63 74 69 6f 6e 27 20 68 65 61 64 65 72 20 6d 75 73 74 20 63 6f 6e 74 61 69 6e 20 27 75 70 67 72 61 64 65 27 2c 20 67 6f 74 20 5b 5d
                                                                                                                                                              Data Ascii: 'connection' header must contain 'upgrade', got []


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49988 | 104.16.77.47 | 443 | 2820 | C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 11:25:09 UTC | 174 | OUT | POST /v1/devices/auth-challenge HTTP/1.1
                                                                                                                                                              content-type: application/x-www-form-urlencoded
                                                                                                                                                              accept: */*
                                                                                                                                                              user-agent: PDQ rover 5.5.1
                                                                                                                                                              host: app.pdq.com
                                                                                                                                                              content-length: 46
2024-10-07 11:25:09 UTC | 46 | OUT | Data Raw: 64 65 76 69 63 65 5f 69 64 3d 64 76 63 5f 63 66 30 33 64 37 33 65 36 63 36 62 33 34 61 62 63 38 62 63 38 34 30 39 66 38 65 65 31 33 63 31
                                                                                                                                                              Data Ascii: device_id=dvc_cf03d73e6c6b34abc8bc8409f8ee13c1
2024-10-07 11:25:09 UTC | 540 | IN | HTTP/1.1 200 OK
                                                                                                                                                              Date: Mon, 07 Oct 2024 11:25:09 GMT
                                                                                                                                                              Content-Type: application/json; charset=utf-8
                                                                                                                                                              Content-Length: 366
                                                                                                                                                              Connection: close
                                                                                                                                                              Cache-Control: max-age=0, private, must-revalidate
                                                                                                                                                              x-request-id: F_wn-WvNrfsy_wEUi54E
                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                              expect-ct: max-age=86400, enforce
                                                                                                                                                              referrer-policy: same-origin
                                                                                                                                                              x-content-type-options: nosniff
                                                                                                                                                              x-frame-options: SAMEORIGIN
                                                                                                                                                              x-xss-protection: 1; mode=block
                                                                                                                                                              Server: cloudflare
                                                                                                                                                              CF-RAY: 8ced87640fa38c06-EWR
2024-10-07 11:25:09 UTC | 366 | IN
                                                                                                                                                              Data Ascii: {"challenge":"1CF0238298D9F14854F93B42D46AC21A6C72BE6A912C462818644F457112B701","challengeToken":"SFMyNTY.g2gDdAAAAAJtAAAACWNoYWxsZW5nZW0AAABAMUNGMDIzODI5OEQ5RjE0ODU0RjkzQjQyRDQ2QUMyMUE2QzcyQkU2QTkxMkM0NjI4MTg2NDRGNDU3MTEyQjcwMW0AAAAJZGV2aWNlX2lkbQAAACRkd


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49989 | 34.128.163.126 | 443 | 2820 | C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-07 11:25:09 UTC | 1476 | OUT | GET /v1/devices/socket/websocket?device_id=dvc_cf03d73e6c6b34abc8bc8409f8ee13c1 HTTP/1.1
                                                                                                                                                              Host: websocket.app.pdq.com:443
                                                                                                                                                              Connection: Upgrade
                                                                                                                                                              Upgrade: websocket
                                                                                                                                                              Sec-WebSocket-Version: 13
                                                                                                                                                              Sec-WebSocket-Key: B3FXw8Dap40WbDRx5ILaZA==
                                                                                                                                                              authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.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.9jIZgmMdtqhybhcDBSjUQj3MYa4u-ZX6HMfrB6_z69-3pRp96sUHLjF_yxTI8pdFPo7FG94zj_c_aI_MnC3d1g
                                                                                                                                                              user-agent: PDQ rover 5.5.1
                                                                                                                                                              x-release-channel: stable
                                                                                                                                                              x-pdq-key-ids: ask_b357915753b14d77946
                                                                                                                                                              x-auth-challenge-signature: 18b3927a0fcda9263a79513afda2644664dee855d4412f98bda32f73d26351b04e6e537183ecc2b53992c663dd8d2fe907cab300246f958beea8478cc4d5510f
                                                                                                                                                              x-auth-challenge-token: SFMyNTY.g2gDdAAAAAJtAAAACWNoYWxsZW5nZW0AAABAMUNGMDIzODI5OEQ5RjE0ODU0RjkzQjQyRDQ2QUMyMUE2QzcyQkU2QTkxMkM0NjI4MTg2NDRGNDU3MTEyQjcwMW0AAAAJZGV2aWNlX2lkbQAAACRkdmNfY2YwM2Q3M2U2YzZiMzRhYmM4YmM4NDA5ZjhlZTEzYzFuBgDc2rlmkgFiAAFRgA.Pv8qOVmhQgehVWR2BeHfaInVq9xkEGeTWoD0s36HirQ
2024-10-07 11:25:09 UTC | 246 | IN | HTTP/1.1 400 Bad Request
                                                                                                                                                              cache-control: max-age=0, private, must-revalidate
                                                                                                                                                              Content-Length: 50
                                                                                                                                                              date: Mon, 07 Oct 2024 11:25:09 GMT
                                                                                                                                                              server: Cowboy
                                                                                                                                                              via: 1.1 google
                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                              Connection: close
2024-10-07 11:25:09 UTC | 50 | IN | Data Raw: 27 63 6f 6e 6e 65 63 74 69 6f 6e 27 20 68 65 61 64 65 72 20 6d 75 73 74 20 63 6f 6e 74 61 69 6e 20 27 75 70 67 72 61 64 65 27 2c 20 67 6f 74 20 5b 5d
                                                                                                                                                              Data Ascii: 'connection' header must contain 'upgrade', got []


                                                                                                                                                              Target ID:0
Start time:07:23:03
Start date:07/10/2024
Path:C:\Windows\System32\msiexec.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Portal.msi"
Imagebase:0x7ff6f6f10000
File size:69'632 bytes
MD5 hash:E5DA170027542E25EDE42FC54C929077
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:1
Start time:07:23:04
Start date:07/10/2024
Path:C:\Windows\System32\msiexec.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\msiexec.exe /V
Imagebase:0x7ff6f6f10000
File size:69'632 bytes
MD5 hash:E5DA170027542E25EDE42FC54C929077
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:3
Start time:07:23:04
Start date:07/10/2024
Path:C:\Windows\System32\msiexec.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\MsiExec.exe -Embedding 6CC2AEC21F9691D9400C52C3CC91B334
Imagebase:0x7ff6f6f10000
File size:69'632 bytes
MD5 hash:E5DA170027542E25EDE42FC54C929077
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:07:23:04
Start date:07/10/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Windows\Installer\MSI146E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6952171 2 WixSharp!WixSharp.ManagedProjectActions.WixSharp_InitRuntime_Action
Imagebase:0x7ff696b10000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:07:23:07
Start date:07/10/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Windows\Installer\MSI1F6E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6954890 16 WixSharp!WixSharp.ManagedProjectActions.WixSharp_BeforeInstall_Action
Imagebase:0x7ff696b10000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:07:23:09
Start date:07/10/2024
Path:C:\Windows\System32\msiexec.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\MsiExec.exe -Embedding F809AF2B04EF2DCECEB62F05202EAA97 E Global\MSI0000
Imagebase:0x7ff6f6f10000
File size:69'632 bytes
MD5 hash:E5DA170027542E25EDE42FC54C929077
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:7
Start time:07:23:09
Start date:07/10/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Windows\Installer\MSI2676.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6956718 38 pdqconnectagent-setup!pdqconnectagent_setup.CustomActions.CreateEventSource
Imagebase:0x7ff696b10000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:8
Start time:07:23:10
Start date:07/10/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Windows\Installer\MSI2C05.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6958093 44 pdqconnectagent-setup!pdqconnectagent_setup.CustomActions.WriteToken
Imagebase:0x7ff696b10000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:9
Start time:07:23:12
Start date:07/10/2024
Path:C:\Windows\System32\rundll32.exe
Wow64 process (32bit):false
Commandline:rundll32.exe "C:\Windows\Installer\MSI328E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6959781 50 pdqconnectagent-setup!pdqconnectagent_setup.CustomActions.StartService
Imagebase:0x7ff696b10000
File size:71'680 bytes
MD5 hash:EF3179D498793BF4234F708D3BE28633
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:07:23:13
Start date:07/10/2024
Path:C:\Windows\System32\sc.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\system32\sc.exe" start "PDQConnectAgent"
Imagebase:0x7ff6cc010000
File size:72'192 bytes
MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:11
Start time:07:23:13
Start date:07/10/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff6d64d0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:07:23:13
Start date:07/10/2024
Path:C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\PDQ\PDQConnectAgent\pdq-connect-agent.exe" --service
Imagebase:0x7ff78c9f0000
File size:9'066'264 bytes
MD5 hash:0B92E149D8047B46F69D9E31B0DA5500
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Has exited:false

Target ID:14
Start time:07:23:28
Start date:07/10/2024
Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):false
Commandline:"powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command -
Imagebase:0x7ff7be880000
File size:452'608 bytes
MD5 hash:04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

                                                                                                                                                              Target ID:15
                                                                                                                                                              Start time:07:23:28
                                                                                                                                                              Start date:07/10/2024
                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:16
                                                                                                                                                              Start time:07:23:34
                                                                                                                                                              Start date:07/10/2024
                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command -
                                                                                                                                                              Imagebase:0x7ff7be880000
                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:17
                                                                                                                                                              Start time:07:23:34
                                                                                                                                                              Start date:07/10/2024
                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:18
                                                                                                                                                              Start time:07:23:42
                                                                                                                                                              Start date:07/10/2024
                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command -
                                                                                                                                                              Imagebase:0x7ff7be880000
                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:19
                                                                                                                                                              Start time:07:23:42
                                                                                                                                                              Start date:07/10/2024
                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:21
                                                                                                                                                              Start time:07:23:55
                                                                                                                                                              Start date:07/10/2024
                                                                                                                                                              Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:"powershell.exe" -NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -Command -
                                                                                                                                                              Imagebase:0x7ff7be880000
                                                                                                                                                              File size:452'608 bytes
                                                                                                                                                              MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                              Target ID:22
                                                                                                                                                              Start time:07:23:55
                                                                                                                                                              Start date:07/10/2024
                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                              Imagebase:0x7ff6d64d0000
                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                              Has exited:true

                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: x
                                                                                                                                                                • API String ID: 0-2363233923
                                                                                                                                                                • Opcode ID: 1c815f36b1fb9dbf014d5cdc7d96ddb678f4d5b7d449631a32520fa169a71ec5
                                                                                                                                                                • Instruction ID: 3f13e4ee9345b6486773a89e8a5c8de02f546d82ebcd67b784e00fa13ea4ea2d
                                                                                                                                                                • Opcode Fuzzy Hash: 1c815f36b1fb9dbf014d5cdc7d96ddb678f4d5b7d449631a32520fa169a71ec5
                                                                                                                                                                • Instruction Fuzzy Hash: 7911083060EA888FDB85FB38841A2BD7BD1EF95250B0840FDD40DC71A6CE6C9C058701
                                                                                                                                                                Strings
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID: (
                                                                                                                                                                • API String ID: 0-3887548279
                                                                                                                                                                • Opcode ID: f58fb13818b5eb068d0ace60e7588191af8e21e6144c0821053b41db5225aa48
                                                                                                                                                                • Instruction ID: 24ff8743efcc1727208d7112ba7b4ad23cacc4f945baad72ced523f2a8ce0b53
                                                                                                                                                                • Opcode Fuzzy Hash: f58fb13818b5eb068d0ace60e7588191af8e21e6144c0821053b41db5225aa48
                                                                                                                                                                • Instruction Fuzzy Hash: 99F0892171FA8D4FE794EE2C5405275B3C2EB89A94F1449B9C44AC71C5DF54A8098396
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 8aa7fe5ceafffcf84f5217f8f572d2352bb9f1e23cb689f46b67f53a252e8480
                                                                                                                                                                • Instruction ID: d47d50270f001c91b7dcf7266509cc1e2dc789a2f72fb11c5d3d21c003bc8c42
                                                                                                                                                                • Opcode Fuzzy Hash: 8aa7fe5ceafffcf84f5217f8f572d2352bb9f1e23cb689f46b67f53a252e8480
                                                                                                                                                                • Instruction Fuzzy Hash: 65A12831E0EA9A4FFB59F63844562B93BD1EF85B90F1801BED44DC31D3DE9858028756
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: ac3332cab440e494423c9f274cbdc6f546cbd509a1feb8891d4acabcdf67959c
                                                                                                                                                                • Instruction ID: b41936b4c0e96d0a128c50b02fc7c0fa1338b4e9392d1282406de48ec8d46407
                                                                                                                                                                • Opcode Fuzzy Hash: ac3332cab440e494423c9f274cbdc6f546cbd509a1feb8891d4acabcdf67959c
                                                                                                                                                                • Instruction Fuzzy Hash: CAA14621B0EA5A0FEB58F67C58475F97791EF89BA0F1401BAD00AC32D3DE9C58428396
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 60755737e631b9105cd5bdfeeb4d63ce4de11bca47251c5c28fa834f136bde0d
                                                                                                                                                                • Instruction ID: 1105b0140541b47c3b43d9999c6f18c680d85b7b542bde7cb5841d2a6689eb60
                                                                                                                                                                • Opcode Fuzzy Hash: 60755737e631b9105cd5bdfeeb4d63ce4de11bca47251c5c28fa834f136bde0d
                                                                                                                                                                • Instruction Fuzzy Hash: B6B1B230618A8D8FEB68EF28C8567F977D1EB55310F04417ED84EC7292CB78A941CB96
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 909bee1b0bac63bb312ddea6c53fa910b7e01ed48182e49f788bf89c7b4517c9
                                                                                                                                                                • Instruction ID: f8c1c86a069bdb7ee9a14034a456d1b4161b53b0ac6cc4881a0c689c63322219
                                                                                                                                                                • Opcode Fuzzy Hash: 909bee1b0bac63bb312ddea6c53fa910b7e01ed48182e49f788bf89c7b4517c9
                                                                                                                                                                • Instruction Fuzzy Hash: 0B81F631E0EA5A4EFB58F62858172B937D1EF85B90F18017ED44EC31D3DE986C02869A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: d9a7504fe2328a22b6523d18350a6f1d9b1096458674976ca25903b86b8a4b2e
                                                                                                                                                                • Instruction ID: a65593c87010f7b25f4ab695657da388f9eb23b7cf777f20a9136f26690aacd3
                                                                                                                                                                • Opcode Fuzzy Hash: d9a7504fe2328a22b6523d18350a6f1d9b1096458674976ca25903b86b8a4b2e
                                                                                                                                                                • Instruction Fuzzy Hash: 3961B631E0EA1A4FFF58F66854572BA76D1EF85B90F14413DD40EC31C2DE98AC02869A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 2be4766ec04f0b95c6d5eac40dc37a5d259b063b77c7c319559fcc2427dabb02
                                                                                                                                                                • Instruction ID: 10cf81be06b38a545e1846f3809e30adf7d8271e654be9157c6640d080d3d84a
                                                                                                                                                                • Opcode Fuzzy Hash: 2be4766ec04f0b95c6d5eac40dc37a5d259b063b77c7c319559fcc2427dabb02
                                                                                                                                                                • Instruction Fuzzy Hash: 97510521E0FA860FEB56F63818562B56BD1DF86A94F0841FAC449C71D7DE4C5C078366
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 8c2b0ad6ac91fb946acc7e3bb03c35b8a0fd69164225b8201ca67f3cd366c831
                                                                                                                                                                • Instruction ID: cfec4228a49339b8bb5d239e1ba8e93de5245cd8a59654f7235646badc10c0a4
                                                                                                                                                                • Opcode Fuzzy Hash: 8c2b0ad6ac91fb946acc7e3bb03c35b8a0fd69164225b8201ca67f3cd366c831
                                                                                                                                                                • Instruction Fuzzy Hash: C5513521F1EA5A0FEB65B63C14572F97BE1EF89AA0F5402B6D40EC31D3DE4C58424366
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: afadefab624e5c72e5b4fe5eba67bbda174dffe0fa112a0da8a79546eb734b3f
                                                                                                                                                                • Instruction ID: 9c70e09ccc5de786adcc0c0d3545c8e79a43a7fbb3e0be40e42d159adda31f9b
                                                                                                                                                                • Opcode Fuzzy Hash: afadefab624e5c72e5b4fe5eba67bbda174dffe0fa112a0da8a79546eb734b3f
                                                                                                                                                                • Instruction Fuzzy Hash: 1551E431A0DA498FDB95EF6CD84A9E9BBE0FF59350F1400BEE449C32A2DB759841CB41
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: be88d890afc5675abbbe48c871460c1c29411fe28228d0359aaf25d34bec6882
                                                                                                                                                                • Instruction ID: 714e9c33b87333e59db9bed09c40cf5989de1a7c02e6ccf75b09409c562a1cdd
                                                                                                                                                                • Opcode Fuzzy Hash: be88d890afc5675abbbe48c871460c1c29411fe28228d0359aaf25d34bec6882
                                                                                                                                                                • Instruction Fuzzy Hash: EB511831E0EA594FEB95E628945A3BC7BE0EF49B90F1500BAC00EC71D2DF685845C366
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: c7bec5c4831f19bbdbcde830147f57e1d4e017b4b05da2808787522731bc8d34
                                                                                                                                                                • Instruction ID: be390021378efe26dd07cb2a640f498b258fbb63cd9f6f3cb0199d5eece2d04b
                                                                                                                                                                • Opcode Fuzzy Hash: c7bec5c4831f19bbdbcde830147f57e1d4e017b4b05da2808787522731bc8d34
                                                                                                                                                                • Instruction Fuzzy Hash: A6416921A0EA861FD769FB3C58575797BE1FF85791B0841BEC40ACB1C3CE5C680A8356
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 8df7d76dde8479360e26e5f4f9107aba975d223e86eb74e870496829dca82fd6
                                                                                                                                                                • Instruction ID: 93df6309294362ee4c0c41b5f14df52b385e088c40dbe2efd5c655192a081e4c
                                                                                                                                                                • Opcode Fuzzy Hash: 8df7d76dde8479360e26e5f4f9107aba975d223e86eb74e870496829dca82fd6
                                                                                                                                                                • Instruction Fuzzy Hash: C841D23091E6C94FDB16ABA858596B67FB4EF13365F0801AFD089C2193CB982416C76A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 5f4375e89dc71c8af46782a5c070471c1cfc402535fb6d806d49a986a70ff4ba
                                                                                                                                                                • Instruction ID: aca597deec3c64b0f4b37b5e836295e399d90dcd6d346af7b1dbbed00286cb7b
                                                                                                                                                                • Opcode Fuzzy Hash: 5f4375e89dc71c8af46782a5c070471c1cfc402535fb6d806d49a986a70ff4ba
                                                                                                                                                                • Instruction Fuzzy Hash: 31413421A0EA4A0FEB84F67C541B2B937D0DF95AA0F1846BAD04DC71E2DE9C584243A7
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 565ba54adec8e4543ec11232ccdcc170845fb34f01da52ddcf8e4538b6382934
                                                                                                                                                                • Instruction ID: fd3188e9e5fc3b1d8b180a6e148112c2fd5207daad71433e4d2d6c89e514890f
                                                                                                                                                                • Opcode Fuzzy Hash: 565ba54adec8e4543ec11232ccdcc170845fb34f01da52ddcf8e4538b6382934
                                                                                                                                                                • Instruction Fuzzy Hash: 0531583190E65C4FEB45FB7888075E97BE0EF89760F0500BAE009D73A2CB685C01C7A2
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 24846cd4242f532761066065f2dc61b59d47665c124762bda7af9a97179b5e03
                                                                                                                                                                • Instruction ID: 442b0ec8a127f60d14af6f2a9f08d10111f37f37ed0e12b451abb3e8c036c74d
                                                                                                                                                                • Opcode Fuzzy Hash: 24846cd4242f532761066065f2dc61b59d47665c124762bda7af9a97179b5e03
                                                                                                                                                                • Instruction Fuzzy Hash: 2731E871A0A61C4FEB54FB7888479EE77E0EF49760F44417AE409D3792CB646801C755
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 0457e38917a28bd87b534e0352bfbd381d1d1b7c9b109e04eeca4550baa58b9b
                                                                                                                                                                • Instruction ID: b15a2784f934242c04f8782b8f1b018cf44527322460faa93026a4f6d80bc8bf
                                                                                                                                                                • Opcode Fuzzy Hash: 0457e38917a28bd87b534e0352bfbd381d1d1b7c9b109e04eeca4550baa58b9b
                                                                                                                                                                • Instruction Fuzzy Hash: F9219D31E1EA1D8FEF94FA68944A2FD76E1EF48751F10003AD40DE3292DFA858418766
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: d158a36f3640621a50ff55c45e429beb230751d48fe22ddc0151e1727043b2fc
                                                                                                                                                                • Instruction ID: 8c78955ce2b5107933b9a4d785b657812bc87fb85a3e3724928b3dd097925efa
                                                                                                                                                                • Opcode Fuzzy Hash: d158a36f3640621a50ff55c45e429beb230751d48fe22ddc0151e1727043b2fc
                                                                                                                                                                • Instruction Fuzzy Hash: 0221F430C1E6664FEB69E738446B5B57FE0DF466A0B0402FFC404C31E2EE9C588A8356
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 361424abe0b40bcd83ffa545e588c8bfc52f6ae09ebbffc83e0c3c6f3982e8e0
                                                                                                                                                                • Instruction ID: a4c80361be9da45cd2d0571014bbc6511ad6541de2d957f98dc1207f08e56741
                                                                                                                                                                • Opcode Fuzzy Hash: 361424abe0b40bcd83ffa545e588c8bfc52f6ae09ebbffc83e0c3c6f3982e8e0
                                                                                                                                                                • Instruction Fuzzy Hash: 09116A30B1D9464FEE88F72C449627DA2D1EFD4B94F645939E40FC21D6DE6CE8404256
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: a3ee4bce520c6b84e1a503bde511f7d2852eda9932ba75f0bc2e29f53f553570
                                                                                                                                                                • Instruction ID: 061ddafd2fe5af0fa30fb24c40ca303d38e4ec62032dbcc4d1b41c81f554b897
                                                                                                                                                                • Opcode Fuzzy Hash: a3ee4bce520c6b84e1a503bde511f7d2852eda9932ba75f0bc2e29f53f553570
                                                                                                                                                                • Instruction Fuzzy Hash: 7B116A60B1EA4A4EEB84F738585277D62C1EF84B94FA0593CE81EC22D6CF6CF8454256
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: ad88d21797a1f9974500ecc786c5e43d06aa7e2d1b107a82f0b9784c17dccefb
                                                                                                                                                                • Instruction ID: 98357d7a467b3c76da894899cbaf0e0dbc87f280ef88261e09ccb79ff91392c2
                                                                                                                                                                • Opcode Fuzzy Hash: ad88d21797a1f9974500ecc786c5e43d06aa7e2d1b107a82f0b9784c17dccefb
                                                                                                                                                                • Instruction Fuzzy Hash: 8101F17061E989AFEB81FBB8881B5BA77D0EF45260B4041B9C40EC71A2CE6C9C428701
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 6c3fc750ed2405e323441b25cc2645999d6e071b5a97657b612f7575e9903da4
                                                                                                                                                                • Instruction ID: 50a2223d3d8895f4bd5c477cec3ea1d060d01f3006f56287628be5a542ca25cb
                                                                                                                                                                • Opcode Fuzzy Hash: 6c3fc750ed2405e323441b25cc2645999d6e071b5a97657b612f7575e9903da4
                                                                                                                                                                • Instruction Fuzzy Hash: 1801D15590E6C58FDBA2E73C4861A617FE0DF07651B1804EFD0C8CB093DA886C49C363
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_4_3_7ff848a40000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: e1ed4edb6d116786f35954166c99eb8b88cdeb72864a5ad216d77a8bb86d2b45
                                                                                                                                                                • Instruction ID: 4e0d4ebe0fda8ffc0e6d181dbe95459032be04b73b2dc562ccb3bcc84fa06964
                                                                                                                                                                • Opcode Fuzzy Hash: e1ed4edb6d116786f35954166c99eb8b88cdeb72864a5ad216d77a8bb86d2b45
                                                                                                                                                                • Instruction Fuzzy Hash: C7F0A43180E5889FDB42FBB448165D97BF0EF05250F0441EAD048C7153CB6D95048B62
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000004.00000003.2074558174.00007FF848A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A40000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_5_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 119aa370e4f8eb38ff990d501caa9a4c8e36c1549970e93897a3f4a66a995e54
                                                                                                                                                                • Instruction ID: a0fd32f2aa1778baa796677a6337469d1523152fb8ef7b3d571e67e891beb328
                                                                                                                                                                • Opcode Fuzzy Hash: 119aa370e4f8eb38ff990d501caa9a4c8e36c1549970e93897a3f4a66a995e54
                                                                                                                                                                • Instruction Fuzzy Hash: E391FC31E0DA494FE799EB3888656B97BE2FF99340F0901BAD04DC72D2DF299C018716
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000005.00000003.2087234116.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_5_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 0bc3d8ba34346f19c81a9c91a145778e41b02ed28bd6419c8045a83854482789
                                                                                                                                                                • Instruction ID: bd43c211b216d5c276af0ebe62b76417b6032304ba4fc17e99ba029d7d5c14b0
                                                                                                                                                                • Opcode Fuzzy Hash: 0bc3d8ba34346f19c81a9c91a145778e41b02ed28bd6419c8045a83854482789
                                                                                                                                                                • Instruction Fuzzy Hash: 1D615820F0EA560FF7D8F63854462B977C2EF89390F1455BAE40EC71EADF689C428256
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000005.00000003.2087234116.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_5_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 3e77790f3ba3602827f36ddcb3f33d0a939d04990025ad69f22947a6dff25115
                                                                                                                                                                • Instruction ID: 5b9475676370b6e822c1ded577036981fd1eb28bf9a9bb518166d5a5f93ed450
                                                                                                                                                                • Opcode Fuzzy Hash: 3e77790f3ba3602827f36ddcb3f33d0a939d04990025ad69f22947a6dff25115
                                                                                                                                                                • Instruction Fuzzy Hash: 25513D62E1EE8A5FE385F92C58152F53BD2EFD569070900B6C04CCB297ED599C464361
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000005.00000003.2087234116.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_5_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: c0a88a70129b28a7d3ffd441616690024d42af91f987734b8c4995dec7e82775
                                                                                                                                                                • Instruction ID: c93de94723724f26af82f7b50395838a3babd451104dec2fb5070b7e69233526
                                                                                                                                                                • Opcode Fuzzy Hash: c0a88a70129b28a7d3ffd441616690024d42af91f987734b8c4995dec7e82775
                                                                                                                                                                • Instruction Fuzzy Hash: 0F611621F0FA9A0FE766E63C18561B92BD1DF86694F0845F7C148CB1D7EE489C064366
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000005.00000003.2087234116.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_5_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 5d43260ab2d8e92b6590ab2c56c927280ecc14189c432e1bbedb4f0c5fbe3ace
                                                                                                                                                                • Instruction ID: 20043f823c1bb8f94241ad78f290a43cbbef4e4ef4e205216638b49ff3141094
                                                                                                                                                                • Opcode Fuzzy Hash: 5d43260ab2d8e92b6590ab2c56c927280ecc14189c432e1bbedb4f0c5fbe3ace
                                                                                                                                                                • Instruction Fuzzy Hash: 69514521E1EA5A0FE765BA3C18572F97BD1EF8A2A0F5401B6D44EC71D3EE4C5802436A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000005.00000003.2087234116.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_5_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: b7035886507f042dcfb6c8a0e8ae580b793ee1daf94361c7a894e288ef1aa595
                                                                                                                                                                • Instruction ID: fe4488428d3e1475029e6ba20d96b1a3ab099d344ff16dd60442d85bcf9b3e6d
                                                                                                                                                                • Opcode Fuzzy Hash: b7035886507f042dcfb6c8a0e8ae580b793ee1daf94361c7a894e288ef1aa595
                                                                                                                                                                • Instruction Fuzzy Hash: D7510721A0EE4A4FE395F63C58163B977D1EF85390F1841BAD44DC72E2DE989841C366
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000005.00000003.2087234116.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_5_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: e74a490366288ba18cb378864987be2d55a74b7b4636e96d1b33d431d62f0ba4
                                                                                                                                                                • Instruction ID: 8caef520ad90a15c681ed10d82e39b2f4d978f19fe9d744ad4e7be789a03e5c1
                                                                                                                                                                • Opcode Fuzzy Hash: e74a490366288ba18cb378864987be2d55a74b7b4636e96d1b33d431d62f0ba4
                                                                                                                                                                • Instruction Fuzzy Hash: A3519E31609A0C8FEB85EF2CD845AE97BE1FF69341F0400AAE44DD72A2DB35A841CB50
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000005.00000003.2087234116.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_5_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: d192c95e03eee157357bff2dd4669d977f78166017c055b5ac2468a85454d3c4
                                                                                                                                                                • Instruction ID: 4e06e1961771d9193557a94513acf613f97ebaf162896c956590f5c852e34120
                                                                                                                                                                • Opcode Fuzzy Hash: d192c95e03eee157357bff2dd4669d977f78166017c055b5ac2468a85454d3c4
                                                                                                                                                                • Instruction Fuzzy Hash: B6412B71E1EA8A5FE385E92C58152B13BD2EBEA7C0B0940BAC44CCB296FD599C064371
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000005.00000003.2087234116.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_5_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 9443895109bd72f5a1e8eeb21675b24bc4bfbcf561e36282a887263828cd61e2
                                                                                                                                                                • Instruction ID: 9677b20ea26f2d17c47b666cc764703fe8458d5e29b47dce2bd2b3decc3ce623
                                                                                                                                                                • Opcode Fuzzy Hash: 9443895109bd72f5a1e8eeb21675b24bc4bfbcf561e36282a887263828cd61e2
                                                                                                                                                                • Instruction Fuzzy Hash: 8D410820D1E7960FE75AA778582A2B53FE1DF57690F0811FBC048C71E3EE4C584A836A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000005.00000003.2087234116.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_5_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 474a394c65f7fc761f51d552528d3a273b9282bceed5fdae84b6dc8fc140cbbf
                                                                                                                                                                • Instruction ID: a9d0186c38ef88ec5b583297b935cf8aa955da0f093278df0d7442a6cc2cef53
                                                                                                                                                                • Opcode Fuzzy Hash: 474a394c65f7fc761f51d552528d3a273b9282bceed5fdae84b6dc8fc140cbbf
                                                                                                                                                                • Instruction Fuzzy Hash: C2413831E1EA065FE34CEA288406779B6D1FF98780F14017DE45EC32D6EF68A8418766
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000005.00000003.2087234116.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_5_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 24ca8410e8998903a1c321073da1710cfc066f903d1fb02f62926ac772d2eae0
                                                                                                                                                                • Instruction ID: 59b8409b59dfd38ce7e1933bbd3e3a71286154419d3f329040a5b61a73ca6ff0
                                                                                                                                                                • Opcode Fuzzy Hash: 24ca8410e8998903a1c321073da1710cfc066f903d1fb02f62926ac772d2eae0
                                                                                                                                                                • Instruction Fuzzy Hash: 5D41C03090E6C94FDB1AABA858596FA7FB4EF13325F0801BFD089C2193DB582416C75A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000005.00000003.2087234116.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_5_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000003.2107142600.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000003.2107142600.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 832fb1e45c2e46091bad6799a32f96962eaad24f81c018fcf9113be398a2d715
                                                                                                                                                                • Instruction ID: 6cf540d7f9e40a031b945f7be13bc706cbc666d39d64769ea442ecbad4c70889
                                                                                                                                                                • Opcode Fuzzy Hash: 832fb1e45c2e46091bad6799a32f96962eaad24f81c018fcf9113be398a2d715
                                                                                                                                                                • Instruction Fuzzy Hash: 7951083190FB895FE752EBB8582A1A97FF1EF46350B0845FAC449C71A3DA6C4C068352
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000003.2107142600.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 8bf9d27c803657371d6bc81afb91a315b8faf8cefbc30e721d5a9fd9f262e158
                                                                                                                                                                • Instruction ID: f1391fa5bc63e6c9396ae10713abe02dab8e8793b6be1cfea09118ed27bec266
                                                                                                                                                                • Opcode Fuzzy Hash: 8bf9d27c803657371d6bc81afb91a315b8faf8cefbc30e721d5a9fd9f262e158
                                                                                                                                                                • Instruction Fuzzy Hash: CE41062091F7864FE75AA778582A2B57FE0DF16690F0811FBC048C71E3EE4C584A836A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000003.2107142600.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 24ca8410e8998903a1c321073da1710cfc066f903d1fb02f62926ac772d2eae0
                                                                                                                                                                • Instruction ID: 59b8409b59dfd38ce7e1933bbd3e3a71286154419d3f329040a5b61a73ca6ff0
                                                                                                                                                                • Opcode Fuzzy Hash: 24ca8410e8998903a1c321073da1710cfc066f903d1fb02f62926ac772d2eae0
                                                                                                                                                                • Instruction Fuzzy Hash: 5D41C03090E6C94FDB1AABA858596FA7FB4EF13325F0801BFD089C2193DB582416C75A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000003.2107142600.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 8e9707f1d879dd475757f9b2b2142085b881ba9a7ddc9893d6a440e6ba2964a1
                                                                                                                                                                • Instruction ID: 58310cb3f500e7b4208da1939747badf78596b9a726251675dea22b3ab3fc7a8
                                                                                                                                                                • Opcode Fuzzy Hash: 8e9707f1d879dd475757f9b2b2142085b881ba9a7ddc9893d6a440e6ba2964a1
                                                                                                                                                                • Instruction Fuzzy Hash: 3631FC3090DA584FD755FB7C88465E9BBE1EF59360F0441BED409E72A2CF685C01C7A6
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000003.2107142600.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 97a4f9604c0592cde64d8d0b74a345bfa96a000fc4a826d281dc1b22706734cf
                                                                                                                                                                • Instruction ID: d2e09206702add9aadc85d88fb90cffabce010098a58c05667f085e957e9fa2a
                                                                                                                                                                • Opcode Fuzzy Hash: 97a4f9604c0592cde64d8d0b74a345bfa96a000fc4a826d281dc1b22706734cf
                                                                                                                                                                • Instruction Fuzzy Hash: 96116661A1EECA0FE782FB7C48562B5BBE2FF55240B0801FAC04AC3197EE5C98058311
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000003.2107142600.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: d0f0eca4b523b294dafe8fdc510c19144c7c8ba64cf99620fa1f9ec6a5afbf4a
                                                                                                                                                                • Instruction ID: 78f0528f2e786781d4241537b0224145a07c283c6eeabc52b4059631b1d92b0e
                                                                                                                                                                • Opcode Fuzzy Hash: d0f0eca4b523b294dafe8fdc510c19144c7c8ba64cf99620fa1f9ec6a5afbf4a
                                                                                                                                                                • Instruction Fuzzy Hash: 3A118120B1E9064EE688FA3C44962B9A2C3EFC4390F601939E41FC22D6DE68A8804647
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000003.2107142600.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 864eb4d19043eda472499542949bc64d6370effb903038301c66df8fbd5b2762
                                                                                                                                                                • Instruction ID: c852149a2a2220ebd0a0f88e656441ca0c8fc2fce5f02c509ce65caa1187897e
                                                                                                                                                                • Opcode Fuzzy Hash: 864eb4d19043eda472499542949bc64d6370effb903038301c66df8fbd5b2762
                                                                                                                                                                • Instruction Fuzzy Hash: D111ED2050FAD00FC767E73C48696A17FE0EF4722074941EBD488CB1E3C99D498AC352
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000003.2107142600.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: fa2097a39e1e1002efc2b6de38c0ab8fa8c4afc3e92da8e7ab81803b6d583b74
                                                                                                                                                                • Instruction ID: 487a3b7be2ca33aa810ec183fa2efaf602a5458a121d938a1a2e3b2ddb49f25c
                                                                                                                                                                • Opcode Fuzzy Hash: fa2097a39e1e1002efc2b6de38c0ab8fa8c4afc3e92da8e7ab81803b6d583b74
                                                                                                                                                                • Instruction Fuzzy Hash: 6301D43061FA944FD766A73C58652A47FE0EF47220B4801FFD489CB1E3DD9E48868341
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000003.2107142600.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 76f21d97e37ba23edc26dd051bbc2959e11d9025d5129b917ca0d47797233b0c
                                                                                                                                                                • Instruction ID: 7d52a24ae27cdda3fd0fac7ec5ee03b25269a1b7f00381d61f66e5623cd09763
                                                                                                                                                                • Opcode Fuzzy Hash: 76f21d97e37ba23edc26dd051bbc2959e11d9025d5129b917ca0d47797233b0c
                                                                                                                                                                • Instruction Fuzzy Hash: B4F02831D0F99B5FE695FF3C842667963D3EF84A40F0941B9C05AC718ADE6CAC068301
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000003.2107142600.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: ddb9337e0952126222eea0c15d45f286f696e9a30becfb8eff97b84d8c198b71
                                                                                                                                                                • Instruction ID: 2e4f5094e33acee20a59eca1b2314e3abc4a2a167ce0930c2b9076b48b7b21e8
                                                                                                                                                                • Opcode Fuzzy Hash: ddb9337e0952126222eea0c15d45f286f696e9a30becfb8eff97b84d8c198b71
                                                                                                                                                                • Instruction Fuzzy Hash: D8E0263290EA4C6FCA00EAAAAC414DA3B98FA8D318F00012AE00CC3241D2558515C325
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000003.2107142600.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_3_7ff848a10000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 146653d957a831100ca27a669b8b3754af6e6f83c19861cae7c975a81a3cd8f7
                                                                                                                                                                • Instruction ID: ae8765926a87ff1f874fb5d2b7e031c163bc2aa9ae3a5304498c0e1e6b84bd10
                                                                                                                                                                • Opcode Fuzzy Hash: 146653d957a831100ca27a669b8b3754af6e6f83c19861cae7c975a81a3cd8f7
                                                                                                                                                                • Instruction Fuzzy Hash: 33E09220E1F9565FE292BA7C44276B927E3EF88680F5941B4C0198725ACEBCAC034342
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000007.00000003.2107142600.00007FF848A10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A10000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_7_3_7ff848a10000_rundll32.jbxd
Memory Dump Source
• Source File: 00000008.00000003.2117541499.00007FF848A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A00000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_3_7ff848a00000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: ea2e7fae4a28744d6e04e9c80193e6da39453450eec771ae148e5f0f98f7e2b7
                                                                                                                                                                • Instruction ID: f19e3c81a129e0b9dcfea8241e75427a84d35557c3c5a0d187093289bb9328b6
                                                                                                                                                                • Opcode Fuzzy Hash: ea2e7fae4a28744d6e04e9c80193e6da39453450eec771ae148e5f0f98f7e2b7
                                                                                                                                                                • Instruction Fuzzy Hash: C0022421E0EA854FE359EF7C681B2B97BE1FF46740F1801BAC04997197EE7998028357
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.2117541499.00007FF848A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A00000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_7ff848a00000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 8d41534742ef76397e2271c4c617172ba5dd198b753315bbb3072aed2a9f5e11
                                                                                                                                                                • Instruction ID: 73a73bc9141884c4986894c643d58561e4d25e7f75bf16b1cf3cfa100d8e54f7
                                                                                                                                                                • Opcode Fuzzy Hash: 8d41534742ef76397e2271c4c617172ba5dd198b753315bbb3072aed2a9f5e11
                                                                                                                                                                • Instruction Fuzzy Hash: 3CB15B21A0EA8A0FE359EA3C58571757BC1EF87291F1841BDC48EC7193EE4968078356
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.2117541499.00007FF848A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A00000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_7ff848a00000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 9c97435935f567780e573046cc889d1c4319ff85039f84c32ef0e6649e2817bf
                                                                                                                                                                • Instruction ID: 8ae8e76c60cfd6d21da2734b470b128ec40e39340ca2d1abe50fa09a6e5c3d6e
                                                                                                                                                                • Opcode Fuzzy Hash: 9c97435935f567780e573046cc889d1c4319ff85039f84c32ef0e6649e2817bf
                                                                                                                                                                • Instruction Fuzzy Hash: B981C26190F5C91FE352E778186A1BA7FE0EF4B244F4845EEC4C9CB1A7E95C680B8312
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.2117541499.00007FF848A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A00000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_7ff848a00000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 95b136371275537be1f3c70cbbc447f2430cc7ae98f816676095f4b093a8e019
                                                                                                                                                                • Instruction ID: bf3f47d37b38cd06808fd7da605cb2eba9d4fb5260c36350291777d3bfc2b026
                                                                                                                                                                • Opcode Fuzzy Hash: 95b136371275537be1f3c70cbbc447f2430cc7ae98f816676095f4b093a8e019
                                                                                                                                                                • Instruction Fuzzy Hash: 3A61F421E0FB860FE3A6EA3C58561B92BD1EF87694F0845FBC049CB197EE4C58064367
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.2117541499.00007FF848A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A00000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_7ff848a00000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 5f8f501d29d3a472e983914d0d6109b8a21cce6459a6ddca0ebe2cc87d8b1013
                                                                                                                                                                • Instruction ID: 0fff59323082f77422056b162c2ad1e366b4e6608a58ba93c380c9c0fa31ee39
                                                                                                                                                                • Opcode Fuzzy Hash: 5f8f501d29d3a472e983914d0d6109b8a21cce6459a6ddca0ebe2cc87d8b1013
                                                                                                                                                                • Instruction Fuzzy Hash: 23612820A0FA861FE795FB38145B3B96BC1EF86684F1401FAD44AC72D3EE9C58458317
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.2117541499.00007FF848A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A00000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_7ff848a00000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 4dc104586dd35618512bc432c5c83e65464d65822e65d344047e03937e33e551
                                                                                                                                                                • Instruction ID: 9a8650902727b0c0627cc137fe000839a372e6491f0130bf300f8213eb2f5ac3
                                                                                                                                                                • Opcode Fuzzy Hash: 4dc104586dd35618512bc432c5c83e65464d65822e65d344047e03937e33e551
                                                                                                                                                                • Instruction Fuzzy Hash: 6051E230A0DA4C8FDB95EF6CD8499E97BE0FF5A341F0400AEE449C32A2DA35A841C745
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.2117541499.00007FF848A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A00000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_7ff848a00000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 601ed31b37469cbd5962d43ea1c53137463fd955476c59f77a170c680414bf8d
                                                                                                                                                                • Instruction ID: 89e32c102a62198f6f90ea7bf2c81a7708cbd27f39b21d0940e43f1221112545
                                                                                                                                                                • Opcode Fuzzy Hash: 601ed31b37469cbd5962d43ea1c53137463fd955476c59f77a170c680414bf8d
                                                                                                                                                                • Instruction Fuzzy Hash: 9C41C921D1EA964FF35AAE38582A1F93FA1DF57690F0401FBC448C71E3F94C584A8356
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.2117541499.00007FF848A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A00000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_7ff848a00000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 2bbd88bd6ad98a19340e28c834381a4bb4059fd4186ebd84ff401f1f89a13a0e
                                                                                                                                                                • Instruction ID: 36e51b0da8459ac08ca19ef8c8ea7ce9a2342e7e83d2f898a69bdb12fac12f77
                                                                                                                                                                • Opcode Fuzzy Hash: 2bbd88bd6ad98a19340e28c834381a4bb4059fd4186ebd84ff401f1f89a13a0e
                                                                                                                                                                • Instruction Fuzzy Hash: FD41C23090E6C98FDB1AAFA858596F67FB4EF13325F0801AFD089C2193DB586416C75B
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.2117541499.00007FF848A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A00000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_7ff848a00000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: e95f823b6984d41e81cf083da4f463f0297b582b22f1892280c3ea85db1a94df
                                                                                                                                                                • Instruction ID: 9dbbad0cff8466d982cb2990f1e9da9d39a02310952fcb0f82a8e8635f3940f0
                                                                                                                                                                • Opcode Fuzzy Hash: e95f823b6984d41e81cf083da4f463f0297b582b22f1892280c3ea85db1a94df
                                                                                                                                                                • Instruction Fuzzy Hash: A531393090EA5C4FE755FF6C88565E97BE1EF4A360F0401BAD04AD72A2DF686802C796
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.2117541499.00007FF848A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A00000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_7ff848a00000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 7a9d70273f537c5a5662d86238b413f1f81a729030e331ebaea8959b8dac3f10
                                                                                                                                                                • Instruction ID: 03d5a9ebe0928c5eecc97a4bdfbea78d1b237b190bf24d66de2135e1703f4246
                                                                                                                                                                • Opcode Fuzzy Hash: 7a9d70273f537c5a5662d86238b413f1f81a729030e331ebaea8959b8dac3f10
                                                                                                                                                                • Instruction Fuzzy Hash: 49110521A1FE8E2FE392F77858552B5B7D1FF5A144B0802FBC48AC3187EE5C68168355
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.2117541499.00007FF848A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A00000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_7ff848a00000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: baae27e81ecd2f2ae4be45750d1353dc40a21db02eec02136e38a7a7540c29a7
                                                                                                                                                                • Instruction ID: ebe737051ca701167e2bcce16dc1ed0a3b277f311b38e5bbaf87ab58dda88ae2
                                                                                                                                                                • Opcode Fuzzy Hash: baae27e81ecd2f2ae4be45750d1353dc40a21db02eec02136e38a7a7540c29a7
                                                                                                                                                                • Instruction Fuzzy Hash: 6811C421B0F9995FD695FA2C78261A837D1EF8B298B4441FAC04DC72A7DE545C0AC34A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000008.00000003.2117541499.00007FF848A00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A00000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_8_3_7ff848a00000_rundll32.jbxd
Memory Dump Source
• Source File: 00000009.00000003.2141406040.00007FF848A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A30000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_9_3_7ff848a30000_rundll32.jbxd
                                                                                                                                                                • Opcode Fuzzy Hash: 2c1584a4e1d7146f4fd165167ba54bcd4a51e1b94be16eefafc15a310c04e39a
                                                                                                                                                                • Instruction Fuzzy Hash: 17614921E0FA8A1FE3A6FA3C18571B92B91DF86695F0841F7D148CB1D7DE4C5C068366
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000003.2141406040.00007FF848A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A30000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_9_3_7ff848a30000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: f3bd85ca18ed56ef88c5b2dde59faffd14590c805a11dc9786119e9bb8bec5ee
                                                                                                                                                                • Instruction ID: c45d81e0c87c9ed710bc441eb911c982c2350288f17c7212bb5e9587c5d04e88
                                                                                                                                                                • Opcode Fuzzy Hash: f3bd85ca18ed56ef88c5b2dde59faffd14590c805a11dc9786119e9bb8bec5ee
                                                                                                                                                                • Instruction Fuzzy Hash: 80513333B1DA561EF215FAACB4025FC6784DFA23B5F080137C15ECA0C3DD4A644692A6
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000003.2141406040.00007FF848A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A30000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_9_3_7ff848a30000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 8d7801fff4cbfb66bf3e3039d886fd00506ee3b517e967709e8df24f81fa6577
                                                                                                                                                                • Instruction ID: 040fda4b98bdacb9ef61010191f7cab09acfa67a958f746fa96febb3e5ec86be
                                                                                                                                                                • Opcode Fuzzy Hash: 8d7801fff4cbfb66bf3e3039d886fd00506ee3b517e967709e8df24f81fa6577
                                                                                                                                                                • Instruction Fuzzy Hash: 06613620E0EA864FE789F63C54562B966D2EF96380F1441BBE00EC72D3DE9D98418397
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000003.2141406040.00007FF848A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A30000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_9_3_7ff848a30000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: aaaa95c1cecd26f3c82f8f69ebc475565ba9ae0305877380eb90d21894db7043
                                                                                                                                                                • Instruction ID: af368a043b1d89dd9f2ccd6e91ef99119960b69e21568a37fb88702edcadbb4f
                                                                                                                                                                • Opcode Fuzzy Hash: aaaa95c1cecd26f3c82f8f69ebc475565ba9ae0305877380eb90d21894db7043
                                                                                                                                                                • Instruction Fuzzy Hash: 4D614871E1EA8A8FF78AEB2C94167B97BF2EF65244F0400BAC00DD72D2DE295845C711
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000003.2141406040.00007FF848A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A30000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_9_3_7ff848a30000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: babc35d01d80cc7aac4051ae6c4018d1813342de2f09ef15d670f26e8b1ab9f9
                                                                                                                                                                • Instruction ID: 02c94699f1ad3f5cf45a010f450431393e70758b9164f1d9dec359ac57260aa7
                                                                                                                                                                • Opcode Fuzzy Hash: babc35d01d80cc7aac4051ae6c4018d1813342de2f09ef15d670f26e8b1ab9f9
                                                                                                                                                                • Instruction Fuzzy Hash: 2651813161DA0D8FEB45EF2CD845AE97BF1FF69341F0400AAE409D72A2DB35A841C751
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000003.2141406040.00007FF848A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A30000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_9_3_7ff848a30000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 1b5aa59f1f4421121504a89fae0545687a0c9dae07e9d6887a35eaf13700a549
                                                                                                                                                                • Instruction ID: 6cb1b0677f48677993501776d2385267a8c61aa90d231f3c7a5cf6c92c63564c
                                                                                                                                                                • Opcode Fuzzy Hash: 1b5aa59f1f4421121504a89fae0545687a0c9dae07e9d6887a35eaf13700a549
                                                                                                                                                                • Instruction Fuzzy Hash: 1141152090EB864FE35AA738586A2B53FA0DF57690F1801FBD048C71E3EA4D584A8367
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000003.2141406040.00007FF848A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A30000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_9_3_7ff848a30000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: a1c4a4be0e1943086eedd11d362a889ef8d33d02c39529e0190284d782c8301e
                                                                                                                                                                • Instruction ID: 2ccb9ee434669fa268223c23b3b7232d44fad26ae1dfaea9a43df7b29546a9db
                                                                                                                                                                • Opcode Fuzzy Hash: a1c4a4be0e1943086eedd11d362a889ef8d33d02c39529e0190284d782c8301e
                                                                                                                                                                • Instruction Fuzzy Hash: 3A41C33090E7C94FDB16ABA858596F67FB4EF13325F0801AFE089C3193DB582416C75A
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000003.2141406040.00007FF848A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A30000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_9_3_7ff848a30000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 3b9e10b5870bc8c281849672327a0c9b735190e03aa3f10e7dd3427465c3a762
                                                                                                                                                                • Instruction ID: 09a7b147afec3f585b55b0b952d0ee982edf73e4aebe3660c0e7fa78ddb98cb4
                                                                                                                                                                • Opcode Fuzzy Hash: 3b9e10b5870bc8c281849672327a0c9b735190e03aa3f10e7dd3427465c3a762
                                                                                                                                                                • Instruction Fuzzy Hash: 2431E331A0DA084FEB45FB6CD8529E977F1EF59350F0401AAE009E7292CF65A801CBA1
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000003.2141406040.00007FF848A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A30000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_9_3_7ff848a30000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 55b87b0579e154a6480bbb8c91d6c931ff9370963fc970cd0df4a73f30ca88dc
                                                                                                                                                                • Instruction ID: 552a172c428d965f0100f84c67914198f829cf593c1c32ff4a6f6b3aff7e6e9c
                                                                                                                                                                • Opcode Fuzzy Hash: 55b87b0579e154a6480bbb8c91d6c931ff9370963fc970cd0df4a73f30ca88dc
                                                                                                                                                                • Instruction Fuzzy Hash: F1218772E1DEC61FE359EA2C58151B577E1EBA6794B0800BBC00EC72E3DD59680AC361
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000003.2141406040.00007FF848A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A30000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_9_3_7ff848a30000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 5ab1a4cc13a99b947931cc4bfca22930087a068e4631edd598a5c4a8da9db216
                                                                                                                                                                • Instruction ID: e84f3cbb80f85e5cc3eda99cc279ba2c1f1f1b192e4837b2c858c3118ed1949d
                                                                                                                                                                • Opcode Fuzzy Hash: 5ab1a4cc13a99b947931cc4bfca22930087a068e4631edd598a5c4a8da9db216
                                                                                                                                                                • Instruction Fuzzy Hash: 64312672E0DA474EE319FA1CA4425F873E1EFA1794B14017BC04ECB1D3DE19684A92A1
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000003.2141406040.00007FF848A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A30000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_9_3_7ff848a30000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 1d2758efff13c4be4ef2cef63c18f3cbf64c1dd521d3560cd85691652e7c7263
                                                                                                                                                                • Instruction ID: e1de2947b89665dc9cf3af18de15e1508e6afeb74390a867fb07874ef5677640
                                                                                                                                                                • Opcode Fuzzy Hash: 1d2758efff13c4be4ef2cef63c18f3cbf64c1dd521d3560cd85691652e7c7263
                                                                                                                                                                • Instruction Fuzzy Hash: D0213672A1DA864FF319FA2CE4421E467E1EBA5794B040077C45ACB693DD19A84B8361
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000003.2141406040.00007FF848A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A30000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_9_3_7ff848a30000_rundll32.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID:
                                                                                                                                                                • Opcode ID: 045442fff4abf2d75ff6c34bbdac0eb278c07eaf2398dfba1d3e505d4eff784b
                                                                                                                                                                • Instruction ID: d05e0244aee6c6993363db1b22a74205fb843688a917ce4a71eec47720885dee
                                                                                                                                                                • Opcode Fuzzy Hash: 045442fff4abf2d75ff6c34bbdac0eb278c07eaf2398dfba1d3e505d4eff784b
                                                                                                                                                                • Instruction Fuzzy Hash: 24214C3190E6865FE306FE2CA4025E93BB1EF26380F0500B7D45CCF293CA6B684583A2
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 00000009.00000003.2141406040.00007FF848A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848A30000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_9_3_7ff848a30000_rundll32.jbxd
                                                                                                                                                                APIs
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000C.00000002.3295384549.00007FF78C9F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF78C9F0000, based on PE: true
                                                                                                                                                                • Associated: 0000000C.00000002.3295363379.00007FF78C9F0000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                • Associated: 0000000C.00000002.3295758131.00007FF78CF92000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                • Associated: 0000000C.00000002.3295966112.00007FF78D218000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                • Associated: 0000000C.00000002.3296004378.00007FF78D21D000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                • Associated: 0000000C.00000002.3296032110.00007FF78D21E000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                • Associated: 0000000C.00000002.3296059620.00007FF78D21F000.00000008.00000001.01000000.0000000A.sdmp
                                                                                                                                                                • Associated: 0000000C.00000002.3296086554.00007FF78D220000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                                                • Associated: 0000000C.00000002.3296114372.00007FF78D224000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_12_2_7ff78c9f0000_pdq-connect-agent.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                                                Memory Dump Source
                                                                                                                                                                • Source File: 0000000E.00000002.2344042445.00007FF848960000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848960000, based on PE: false
                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                • Snapshot File: hcaresult_14_2_7ff848960000_powershell.jbxd
                                                                                                                                                                Similarity
                                                                                                                                                                • API ID:
                                                                                                                                                                • String ID:
                                                                                                                                                                • API String ID: